Vulnerabilities > CVE-2012-6075 - Classic Buffer Overflow vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0609.NASL description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65083 published 2013-03-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65083 title RHEL 6 : qemu-kvm (RHSA-2013:0609) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0609. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(65083); script_version("1.14"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-6075"); script_bugtraq_id(57420); script_xref(name:"RHSA", value:"2013:0609"); script_name(english:"RHEL 6 : qemu-kvm (RHSA-2013:0609)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0609" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-6075" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent-win32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0609"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"qemu-guest-agent-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-guest-agent-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-img-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-tools-0.12.1.2-2.355.el6_4.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-guest-agent / qemu-guest-agent-win32 / qemu-img / qemu-kvm / etc"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2619.NASL description A buffer overflow was found in the e1000 emulation, which could be triggered when processing jumbo frames. last seen 2020-03-17 modified 2013-02-11 plugin id 64553 published 2013-02-11 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64553 title Debian DSA-2619-1 : xen-qemu-dm-4.0 - buffer overflow NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0609.NASL description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65165 published 2013-03-10 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65165 title CentOS 6 : qemu-kvm (CESA-2013:0609) NASL family Fedora Local Security Checks NASL id FEDORA_2013-0934.NASL description - CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301, bz #889304) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-29 plugin id 64267 published 2013-01-29 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64267 title Fedora 16 : qemu-0.15.1-9.fc16 (2013-0934) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0608.NASL description From Red Hat Security Advisory 2013:0608 : Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68779 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68779 title Oracle Linux 5 : kvm (ELSA-2013-0608) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0599.NASL description From Red Hat Security Advisory 2013:0599 : Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68774 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68774 title Oracle Linux 5 : xen (ELSA-2013-0599) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0446-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to last seen 2020-06-05 modified 2015-05-20 plugin id 83616 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83616 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-310.NASL description XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc#800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) - bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33) Bugs fixed : - Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_exte nded_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another- cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-value s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.p atch 26683-credit1-Use-atomic-bit-operations-for-the-flags-st ructure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc#802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.p atch 26548-tools-xc_handle_tty_output_differently_in_stdiostr eam_progress.patch 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patc h 26675-tools-xentoollog_update_tty_detection_in_stdiostre am_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc _report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore .patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirt y.patch xen.migrate.tools_set_migration_constraints_from_cmdline .patch xen.migrate.tools_add_xm_migrate_--log_progress_option.p atch - remove old patches: xen.xc.progress.patch xen.xc_save.details.patch xen.migration.abort_if_busy.patch - bnc#806736: enabling xentrace crashes hypervisor 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.pat ch - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - bnc#798188 - Add $network to xend initscript dependencies - bnc#797014 - no way to control live migrations - fix logic error in stdiostream_progress xen.xc.progress.patch - restore logging in xc_save xen.xc_save.details.patch - add options to control migration tunables --max_iters, --max_factor, --abort_if_busy xen.migration.abort_if_busy.patch - bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 - bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel 26440-x86-forward-SERR.patch - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 25590-hotplug-locking.patch 25595-hotplug-locking.patch 26079-hotplug-locking.patch - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. EFI-makefile-cflags-filter.patch last seen 2020-06-05 modified 2014-06-13 plugin id 74966 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74966 title openSUSE Security Update : xen (openSUSE-SU-2013:0636-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2608.NASL description It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default). last seen 2020-03-17 modified 2013-01-16 plugin id 63557 published 2013-01-16 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63557 title Debian DSA-2608-1 : qemu - buffer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0608.NASL description Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65082 published 2013-03-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65082 title RHEL 5 : kvm (RHSA-2013:0608) NASL family Scientific Linux Local Security Checks NASL id SL_20130306_XEN_ON_SL5_X.NASL description A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully- virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect. last seen 2020-03-18 modified 2013-03-08 plugin id 65090 published 2013-03-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65090 title Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20130306) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0608.NASL description Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65164 published 2013-03-10 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65164 title CentOS 5 : kvm (CESA-2013:0608) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-24.NASL description The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 last seen 2020-06-01 modified 2020-06-02 plugin id 70184 published 2013-09-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70184 title GLSA-201309-24 : Xen: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0599.NASL description Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65069 published 2013-03-07 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65069 title RHEL 5 : xen (RHSA-2013:0599) NASL family Fedora Local Security Checks NASL id FEDORA_2013-0971.NASL description - CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301, bz #889304) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-28 plugin id 64256 published 2013-01-28 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64256 title Fedora 17 : qemu-1.0.1-3.fc17 (2013-0971) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-677.NASL description XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#817799 - sles9sp4 guest fails to start after upgrading to sles11 sp3 - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes - Add upstream patch to fix devid assignment in libxl 27184-libxl-devid-fix.patch - bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys 27178-libxl-Restrict-permissions-on-PV-console-device-xe nstore-nodes.patch - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - bnc#801663 - performance of mirror lvm unsuitable for production block-dmmd - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot after panic on XEN kernel SP3 Beta 4 and RC1 - Upstream AMD Erratum patch from Jan - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests - bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - bnc#808085 - aacraid driver panics mapping INT A when booting kernel-xen - bnc#817210 - openSUSE 12.3 Domain 0 doesn last seen 2020-06-05 modified 2014-06-13 plugin id 75130 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75130 title openSUSE Security Update : xen (openSUSE-SU-2013:1404-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0636.NASL description An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-0292 (dbus-glib issue) CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues) CVE-2013-0338 (libxml2 issue) This update contains the builds from the following errata : ovirt-node: RHBA-2013:0634 https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel: RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html dbus-glib: RHSA-2013:0568 https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup: RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm: RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html selinux-policy: RHBA-2013:0618 https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev: RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html glusterfs: RHBA-2013:0620 https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls: RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html ipmitool: RHBA-2013:0572 https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2: RHSA-2013:0581 https://rhn.redhat.com/errata/RHSA-2013-0581.html openldap: RHBA-2013:0598 https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl: RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78952 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78952 title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636) NASL family Scientific Linux Local Security Checks NASL id SL_20130307_QEMU_KVM_ON_SL6_X.NASL description A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. last seen 2020-03-18 modified 2013-03-08 plugin id 65092 published 2013-03-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65092 title Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20130307) NASL family Fedora Local Security Checks NASL id FEDORA_2013-6723.NASL description - Thu Apr 25 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.5-1 - update to xen-4.1.5 includes fixes for passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) grant releases can release more than intended potentially crashing xen [XSA-50, CVE-2013-1964] (#953632) - remove patches that are included in 4.1.5 - allow xendomains to work with xl saved images - Thu Apr 4 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-7 - make xendomains systemd script executable (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920] - Fri Feb 22 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-6 - patch for [XSA-36, CVE-2013-0153] can cause boot time crash - backport the fixes discovered when building with gcc 4.8 - Fri Feb 15 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-5 - patch for [XSA-38, CVE-2013-0215] was flawed - Wed Feb 6 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-4 - guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - Thu Jan 17 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-3 - Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845) - fix a bug introduced by fix for XSA-27 - Fri Jan 11 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-2 - VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - Tue Dec 18 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-1 - update to xen-4.1.4 - remove patches that are included in 4.1.4 - Tue Dec 4 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-7 - 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) An HVM guest can cause xen to crash or leak information [XSA-28, CVE-2012-5512] (#883085) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) - Tue Nov 13 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-6 - 5 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) [plus 60 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-05 plugin id 66321 published 2013-05-05 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66321 title Fedora 17 : xen-4.1.5-1.fc17 (2013-6723) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0609.NASL description From Red Hat Security Advisory 2013:0609 : Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68780 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68780 title Oracle Linux 6 : qemu-kvm (ELSA-2013-0609) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1692-1.NASL description It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 63608 published 2013-01-17 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63608 title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qemu-kvm vulnerability (USN-1692-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2607.NASL description It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default). last seen 2020-03-17 modified 2013-01-16 plugin id 63556 published 2013-01-16 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63556 title Debian DSA-2607-1 : qemu-kvm - buffer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0610.NASL description Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78951 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78951 title RHEL 6 : qemu-kvm-rhev (RHSA-2013:0610) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0599.NASL description Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65063 published 2013-03-07 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65063 title CentOS 5 : xen (CESA-2013:0599) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-121.NASL description Updated qemu packages fix security vulnerability : A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest last seen 2020-06-01 modified 2020-06-02 plugin id 66133 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66133 title Mandriva Linux Security Advisory : qemu (MDVSA-2013:121) NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-130313.NASL description XEN has been updated to fix various bugs and security issues : - (XSA 36) To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. This has been disabled for AMD chipsets not capable of it. (CVE-2013-0153) - qemu: The e1000 had overflows under some conditions, potentially corrupting memory. (CVE-2012-6075) - (XSA 37) Hypervisor crash due to incorrect ASSERT (debug build only). (CVE-2013-0154) - (XSA-33) A VT-d interrupt remapping source validation flaw was fixed. Also the following bugs have been fixed :. (CVE-2012-5634) - xen hot plug attach/detach fails. (bnc#805094) - domain locking can prevent a live migration from completing. (bnc#802690) - no way to control live migrations. (bnc#797014) - fix logic error in stdiostream_progress - restore logging in xc_save - add options to control migration tunables - enabling xentrace crashes hypervisor. (bnc#806736) - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - Add $network to xend initscript dependencies. (bnc#798188) - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4. (bnc#799694) - L3: HP iLo Generate NMI function not working in XEN kernel. (bnc#800156) - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - Xen VMs with more than 2 disks randomly fail to start. (bnc#793927) - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. last seen 2020-06-05 modified 2013-04-04 plugin id 65797 published 2013-04-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65797 title SuSE 11.2 Security Update : Xen (SAT Patch Number 7492) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-311.NASL description XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc#800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) - bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33) Bugs fixed : - Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_exte nded_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another- cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-value s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.p atch 26683-credit1-Use-atomic-bit-operations-for-the-flags-st ructure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc#802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.p atch 26548-tools-xc_handle_tty_output_differently_in_stdiostr eam_progress.patch 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patc h 26675-tools-xentoollog_update_tty_detection_in_stdiostre am_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc _report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore .patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirt y.patch xen.migrate.tools_set_migration_constraints_from_cmdline .patch xen.migrate.tools_add_xm_migrate_--log_progress_option.p atch - remove old patches: xen.xc.progress.patch xen.xc_save.details.patch xen.migration.abort_if_busy.patch - bnc#806736: enabling xentrace crashes hypervisor 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.pat ch - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - bnc#798188 - Add $network to xend initscript dependencies - bnc#797014 - no way to control live migrations - fix logic error in stdiostream_progress xen.xc.progress.patch - restore logging in xc_save xen.xc_save.details.patch - add options to control migration tunables --max_iters, --max_factor, --abort_if_busy xen.migration.abort_if_busy.patch - bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 - bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel 26440-x86-forward-SERR.patch - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 25590-hotplug-locking.patch 25595-hotplug-locking.patch 26079-hotplug-locking.patch - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. EFI-makefile-cflags-filter.patch last seen 2020-06-05 modified 2014-06-13 plugin id 74967 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74967 title openSUSE Security Update : xen (openSUSE-SU-2013:0637-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-1269.NASL description Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075], fix a bug introduced by fix for XSA-27 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-04 plugin id 64407 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64407 title Fedora 17 : xen-4.1.4-3.fc17 (2013-1269) NASL family Scientific Linux Local Security Checks NASL id SL_20130307_KVM_ON_SL5_X.NASL description A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) Note that the procedure in the Solution section must be performed before this update will take effect. last seen 2020-03-18 modified 2013-03-08 plugin id 65091 published 2013-03-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65091 title Scientific Linux Security Update : kvm on SL5.x x86_64 (20130307) NASL family Fedora Local Security Checks NASL id FEDORA_2013-1274.NASL description Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075], fix a bug introduced by fix for XSA-27 VT-d interrupt remapping source validation flaw [XSA-33,CVE-2012-5634] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-04 plugin id 64408 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64408 title Fedora 16 : xen-4.1.4-3.fc16 (2013-1274) NASL family Fedora Local Security Checks NASL id FEDORA_2013-1434.NASL description Two security fixes from nested virtualization (CVE-2013-0151 CVE-2013-0152), restore status option to xend which is used by libvirt Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-04 plugin id 64418 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64418 title Fedora 18 : xen-4.2.1-5.fc18 (2013-1434) NASL family Fedora Local Security Checks NASL id FEDORA_2013-0965.NASL description - CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301, bz #889304) - Use systemd spec macros (bz #850285) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-28 plugin id 64255 published 2013-01-28 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64255 title Fedora 18 : qemu-1.2.2-2.fc18 (2013-0965)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html
- http://www.ubuntu.com/usn/USN-1692-1
- https://bugzilla.redhat.com/show_bug.cgi?id=889301
- http://www.securityfocus.com/bid/57420
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html
- http://www.openwall.com/lists/oss-security/2012/12/30/1
- http://www.debian.org/security/2013/dsa-2608
- http://www.debian.org/security/2013/dsa-2607
- http://www.debian.org/security/2013/dsa-2619
- http://rhn.redhat.com/errata/RHSA-2013-0610.html
- http://rhn.redhat.com/errata/RHSA-2013-0599.html
- http://rhn.redhat.com/errata/RHSA-2013-0609.html
- http://rhn.redhat.com/errata/RHSA-2013-0639.html
- http://rhn.redhat.com/errata/RHSA-2013-0608.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb