Bug 873235 - (CVE-2014-0150) VUL-0: CVE-2014-0150: qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
VUL-0: CVE-2014-0150: qemu: virtio-net: buffer overflow in virtio_net_handle_...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Andreas Färber
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2014-04-11 15:20 UTC by Alexander Bergmann
Modified: 2014-07-16 08:29 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2014-04-11 15:20:25 UTC
Via rh#1078846:

A buffer overflow flaw was found in the way qemu processed MAC addresses table update requests from the guest.

A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.

This issue was discovered by Michael S. Tsirkin of Red Hat.

Upstream patch submission:

CVE-2014-0150 was assigned to this issue.

Comment 1 Swamp Workflow Management 2014-04-11 22:00:45 UTC
bugbot adjusting priority
Comment 7 Swamp Workflow Management 2014-05-09 09:58:07 UTC
The SWAMPID for this issue is 57292.
This issue was rated as moderate.
Please submit fixed packages until 2014-05-23.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 8 Swamp Workflow Management 2014-06-18 13:48:08 UTC
Update released for: kvm, kvm-debuginfo, kvm-debugsource
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, s390x, x86_64)
Comment 9 Swamp Workflow Management 2014-06-18 17:07:35 UTC
SUSE-SU-2014:0816-1: An update that solves two vulnerabilities and has 20 fixes is now available.

Category: security (moderate)
Bug References: 864391,864649,864650,864653,864655,864665,864671,864673,864678,864682,864769,864796,864801,864802,864804,864805,864811,864812,864814,873235,874749,874788
CVE References: CVE-2014-0150,CVE-2014-2894
Sources used:
SUSE Linux Enterprise Server 11 SP3 (src):    kvm-1.4.2-0.15.2
SUSE Linux Enterprise Desktop 11 SP3 (src):    kvm-1.4.2-0.15.2