Path to this page:
Subject: CVS commit: pkgsrc/sysutils/xenkernel45
From: Pierre Pronchery
Date: 2015-06-05 19:15:04
Message id: 20150605171504.D2BE598@cvs.netbsd.org
Log Message:
Apply fixes from upstream for XSA-133
Privilege escalation via emulated floppy disk drive
The code in qemu which emulates a floppy disk controller did not
correctly bounds check accesses to an array and therefore was
vulnerable to a buffer overflow attack.
A guest which has access to an emulated floppy device can exploit this
vulnerability to take over the qemu process elevating its privilege to
that of the qemu process.
All Xen systems running x86 HVM guests without stubdomains are
vulnerable to this depending on the specific guest configuration. The
default configuration is vulnerable.
Guests using either the traditional "qemu-xen" or upstream qemu device
models are vulnerable.
Guests using a qemu-dm stubdomain to run the device model are only
vulnerable to takeover of that service domain.
Systems running only x86 PV guests are not vulnerable.
ARM systems are not vulnerable.
Files: