{"id":"USN-2692-1","summary":"qemu vulnerabilities","details":"Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a\nnon-default configuration, a malicious guest could use this issue to cause\na denial of service, or possibly execute arbitrary code on the host as the\nuser running the QEMU process. In the default installation, when QEMU is\nused with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2015-3214)\n\nKevin Wolf discovered that QEMU incorrectly handled processing ATAPI\ncommands. A malicious guest could use this issue to cause a denial of\nservice, or possibly execute arbitrary code on the host as the user running\nthe QEMU process. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2015-5154)\n\nZhu Donghai discovered that QEMU incorrectly handled the SCSI driver. A\nmalicious guest could use this issue to cause a denial of service, or\npossibly execute arbitrary code on the host as the user running the QEMU\nprocess. In the default installation, when QEMU is used with libvirt,\nattackers would be isolated by the libvirt AppArmor profile. This issue\nonly affected Ubuntu 15.04. (CVE-2015-5158)\n","modified":"2026-02-10T04:40:55Z","published":"2015-07-28T16:29:35Z","related":["UBUNTU-CVE-2015-3214","UBUNTU-CVE-2015-5154"],"upstream":["CVE-2015-3214","CVE-2015-5154","UBUNTU-CVE-2015-3214","UBUNTU-CVE-2015-5154","UBUNTU-CVE-2015-5158"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2692-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3214"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5154"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5158"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.15?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.15"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2","2.0.0+dfsg-2ubuntu1.3","2.0.0+dfsg-2ubuntu1.5","2.0.0+dfsg-2ubuntu1.6","2.0.0+dfsg-2ubuntu1.7","2.0.0+dfsg-2ubuntu1.8","2.0.0+dfsg-2ubuntu1.9","2.0.0+dfsg-2ubuntu1.10","2.0.0+dfsg-2ubuntu1.11","2.0.0+dfsg-2ubuntu1.13","2.0.0+dfsg-2ubuntu1.14"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-guest-agent"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-keymaps"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-kvm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-aarch64"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-arm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-mips"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-misc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-ppc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-sparc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-system-x86"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-user"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-user-static"},{"binary_version":"2.0.0+dfsg-2ubuntu1.15","binary_name":"qemu-utils"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2692-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2015-3214"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-5154"}]}}}],"schema_version":"1.7.3"}