IBM Support

Security Bulletin: Vulnerabilities in Qemu affect PowerKVM (Multiple Vulnerabilities)


Summary

PowerKVM is affected by six vulnerabilities in Qemu. These vulnerabilities are now fixed.

Vulnerability Details

CVEID: CVE-2015-5154
DESCRIPTION:
QEMU is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the IDE subsystem while processing ATAPI commands. A local attacker on a guest system with CDROM drive enabled could overflow a buffer and execute arbitrary code on the host system with the privileges of the QEMU process assigned to the guest system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105114 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2015-5158
DESCRIPTION:
QEMU, built with the SCSI device emulation support, is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a SCSI command descriptor block with an invalid operation code. A local authenticated attacker could exploit this vulnerability to overflow a buffer and cause the Qemu instance to crash.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105008 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-5225
DESCRIPTION:
QEMU is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the vnc_refresh_server_surface() function. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the host system or cause the QEMU process to crash.
CVSS Base Score: 5.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2015-5278
DESCRIPTION:
Qemu is vulnerable to a denial of service, caused by an error in the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop and crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-5279
DESCRIPTION:
Qemu is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could overflow a buffer and execute arbitrary code on the system or cause the Qemu instance to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-6815
DESCRIPTION:
Qemu, built with the e1000 NIC emulation support, is vulnerable to a denial of service, caused by an error when processing transmit descriptor data. By sending a specially crafted network packet, a remote authenticated attacker from within the local network could exploit this vulnerability to trigger an infinite loop and cause the application to crash.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106249 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM 2.1

Remediation/Fixes

The fix is available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 Build 65.1 and all later 2.1.1 SP3 service builds and 2.1.1 fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, see http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using "yum update".

Workarounds and Mitigations

None

Change History

23 October 2015 - Initial Version

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 17 June 2018

UID: isg3T1022875