QEMU Firmware Configuration Processing Access Flaw Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
SecurityTracker Alert ID: 1034858
SecurityTracker URL: http://securitytracker.com/id/1034858
CVE Reference: CVE-2016-1714
Date: Jan 28 2016
Impact: User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Description:
A vulnerability was reported in QEMU. A local user on the guest system can gain elevated privileges on the host system.
A privileged local user with the CAP_SYS_RAWIO capability on the guest system can trigger an out-of-bounds read/write access error when firmware configurations are processed, causing denial of service conditions or gaining elevated privileges on the host system.
Systems with the current configuration entry value set to invalid (FW_CFG_INVALID=0xffff) are affected.
Systems built with the Firmware Configuration device emulation support are affected.
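A simplified model of the missing check, added here as an example (it is not QEMU source and not the vendor's patch). Only FW_CFG_INVALID=0xffff comes from this advisory; the table size, the selector mask and every model_* name are assumptions made for illustration. It shows that masking the sentinel selector still yields an index past the end of the table, and a lookup that rejects it before any access.

```c
#include <stddef.h>
#include <stdint.h>

/* FW_CFG_INVALID = 0xffff is the value given in the advisory. Everything else
 * (table size, selector mask, struct and function names) is a constructed
 * model for illustration, not QEMU source. */
#define FW_CFG_INVALID   0xffffu
#define MODEL_ENTRY_MASK 0x3fffu  /* assumed: low selector bits pick the entry */
#define MODEL_MAX_ENTRY  0x30u    /* assumed: number of slots in the table */

struct model_entry {
    uint32_t len;
    const uint8_t *data;
};

struct model_fw_cfg {
    uint16_t cur_entry;           /* selector value written by the guest */
    uint32_t cur_offset;          /* read position inside the selected entry */
    struct model_entry entries[MODEL_MAX_ENTRY];
};

/* Index an unchecked lookup would use: masking alone does not bound it. */
static size_t model_raw_index(const struct model_fw_cfg *s)
{
    return s->cur_entry & MODEL_ENTRY_MASK;
}

/* Hardened lookup: reject the "no entry selected" sentinel and any index
 * outside the table before forming a pointer into entries[]. */
static const struct model_entry *model_lookup(const struct model_fw_cfg *s)
{
    size_t idx = model_raw_index(s);
    if (s->cur_entry == FW_CFG_INVALID || idx >= MODEL_MAX_ENTRY)
        return NULL;
    return &s->entries[idx];
}

/* Data read in the model: an invalid selection reads as zero, and the
 * offset is checked against the entry length before each byte is returned. */
static uint8_t model_read(struct model_fw_cfg *s)
{
    const struct model_entry *e = model_lookup(s);
    if (e == NULL || e->data == NULL || s->cur_offset >= e->len)
        return 0;
    return e->data[s->cur_offset++];
}
```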
Impact:
A local privileged user on the guest system can gain elevated privileges on the host system.
Solution:
The vendor has issued a source code fix, available at:
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
Vendor URL: wiki.qemu.org/Main_Page
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)