Bugzilla – Bug 873235
VUL-0: CVE-2014-0150: qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
Last modified: 2014-07-16 08:29:39 UTC
A buffer overflow flaw was found in the way qemu processed MAC addresses table update requests from the guest.
A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.
This issue was discovered by Michael S. Tsirkin of Red Hat.
Upstream patch submission:
CVE-2014-0150 was assigned to this issue.
bugbot adjusting priority
The SWAMPID for this issue is 57292.
This issue was rated as moderate.
Please submit fixed packages until 2014-05-23.
When done, please reassign the bug to email@example.com.
Patchinfo will be handled by security team.
Update released for: kvm, kvm-debuginfo, kvm-debugsource
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, s390x, x86_64)
SUSE-SU-2014:0816-1: An update that solves two vulnerabilities and has 20 fixes is now available.
Category: security (moderate)
Bug References: 864391,864649,864650,864653,864655,864665,864671,864673,864678,864682,864769,864796,864801,864802,864804,864805,864811,864812,864814,873235,874749,874788
CVE References: CVE-2014-0150,CVE-2014-2894
SUSE Linux Enterprise Server 11 SP3 (src): kvm-1.4.2-0.15.2
SUSE Linux Enterprise Desktop 11 SP3 (src): kvm-1.4.2-0.15.2