#VU40723 Improper access control in QEMU - CVE-2015-4106

Cybersecurity Help s.r.o.

Published: 2015-06-03 | Updated: 2020-08-09

Vulnerability identifier: #VU40723

Vulnerability risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-4106

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Mitigation
Install update from vendor's website.

Vulnerable software versions

QEMU: All versions

External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
https://support.citrix.com/article/CTX201145
https://www.debian.org/security/2015/dsa-3284
https://www.debian.org/security/2015/dsa-3286
https://www.securityfocus.com/bid/74949
https://www.securitytracker.com/id/1032467
https://www.ubuntu.com/usn/USN-2630-1
https://xenbits.xen.org/xsa/advisory-131.html
https://security.gentoo.org/glsa/201604-03
https://support.citrix.com/article/CTX206006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE Linux update for Xen

SUSE Linux update for xen

Multiple vulnerabilities in QEMU