{"id":"USN-2891-1","summary":"qemu, qemu-kvm vulnerabilities","details":"Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2015-7549)\n\nLian Yihan discovered that QEMU incorrectly handled the VNC server. A\nremote attacker could use this issue to cause QEMU to crash, resulting in a\ndenial of service. (CVE-2015-8504)\n\nFelix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in the\nparavirtualized guest could exploit this flaw to cause a denial of service\n(crash the host) or potentially execute arbitrary code on the host.\n(CVE-2015-8550)\n\nQinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation\nsupport. An attacker inside the guest could use this issue to cause QEMU to\nconsume resources, resulting in a denial of service. (CVE-2015-8558)\n\nQinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device.\nAn attacker inside the guest could use this issue to cause QEMU to consume\nresources, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)\n\nQinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA\nemulation. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)\n\nLing Liu discovered that QEMU incorrectly handled the Human Monitor\nInterface. A local attacker could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. 
(CVE-2015-8619, CVE-2016-1922)\n\nDavid Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset\nemulation when performing VM guest migrations. An attacker could use this\nissue to cause QEMU to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)\n\nLing Liu discovered that QEMU incorrectly handled the NE2000 device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2015-8743)\n\nIt was discovered that QEMU incorrectly handled the vmxnet3 device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)\n\nQinghao Tang discovered that QEMU incorrectly handled IDE AHCI emulation. An\nattacker inside the guest could use this issue to cause a denial of\nservice, or possibly execute arbitrary code on the host as the user running\nthe QEMU process. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2016-1568)\n\nDonghai Zhu discovered that QEMU incorrectly handled the firmware\nconfiguration device. An attacker inside the guest could use this issue to\ncause a denial of service, or possibly execute arbitrary code on the host\nas the user running the QEMU process. In the default installation, when\nQEMU is used with libvirt, attackers would be isolated by the libvirt\nAppArmor profile. (CVE-2016-1714)\n\nIt was discovered that QEMU incorrectly handled the e1000 device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2016-1981)\n\nZuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. 
This issue only affected Ubuntu 15.10.\n(CVE-2016-2197)\n\nZuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2016-2198)\n","modified":"2026-02-10T04:40:57Z","published":"2016-02-03T13:07:20Z","related":["UBUNTU-CVE-2015-7549","UBUNTU-CVE-2015-8504","UBUNTU-CVE-2015-8550","UBUNTU-CVE-2015-8558","UBUNTU-CVE-2015-8567","UBUNTU-CVE-2015-8568","UBUNTU-CVE-2015-8613","UBUNTU-CVE-2015-8619","UBUNTU-CVE-2015-8666","UBUNTU-CVE-2015-8743","UBUNTU-CVE-2015-8744","UBUNTU-CVE-2015-8745","UBUNTU-CVE-2016-1568","UBUNTU-CVE-2016-1714","UBUNTU-CVE-2016-1922","UBUNTU-CVE-2016-1981","UBUNTU-CVE-2016-2198"],"upstream":["CVE-2015-7549","CVE-2015-8504","CVE-2015-8550","CVE-2015-8558","CVE-2015-8567","CVE-2015-8568","CVE-2015-8613","CVE-2015-8619","CVE-2015-8666","CVE-2015-8743","CVE-2015-8744","CVE-2015-8745","CVE-2016-1568","CVE-2016-1714","CVE-2016-1922","CVE-2016-1981","CVE-2016-2198","UBUNTU-CVE-2015-7549","UBUNTU-CVE-2015-8504","UBUNTU-CVE-2015-8550","UBUNTU-CVE-2015-8558","UBUNTU-CVE-2015-8567","UBUNTU-CVE-2015-8568","UBUNTU-CVE-2015-8613","UBUNTU-CVE-2015-8619","UBUNTU-CVE-2015-8666","UBUNTU-CVE-2015-8743","UBUNTU-CVE-2015-8744","UBUNTU-CVE-2015-8745","UBUNTU-CVE-2016-1568","UBUNTU-CVE-2016-1714","UBUNTU-CVE-2016-1922","UBUNTU-CVE-2016-1981","UBUNTU-CVE-2016-2197","UBUNTU-CVE-2016-2198"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2891-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-7549"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8504"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8550"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8558"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8567"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8568"},{"type":"RE
PORT","url":"https://ubuntu.com/security/CVE-2015-8613"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8619"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8666"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8743"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8744"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8745"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1568"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1714"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1922"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1981"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2197"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2198"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.22?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.22"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2","2.0.0+dfsg-2ubuntu1.3","2.0.0+dfsg-2ubuntu1.5","2.0.0+dfsg-2ubuntu1.6","2.0.0+dfsg-2ubuntu1.7","2.0.0+dfsg-2ubuntu1.8","2.0.0+dfsg-2ubuntu1.9","2.0.0+dfsg-2ubuntu1.10","2.0.0+dfsg-2ubuntu1.11","2.0.0+dfsg-2ubuntu1.13","2.0.0+dfsg-2ubuntu1.14","2.0.0+dfsg-2ubuntu1.15","2.
0.0+dfsg-2ubuntu1.16","2.0.0+dfsg-2ubuntu1.17","2.0.0+dfsg-2ubuntu1.18","2.0.0+dfsg-2ubuntu1.19","2.0.0+dfsg-2ubuntu1.20","2.0.0+dfsg-2ubuntu1.21"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"qemu","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-common","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-guest-agent","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-keymaps","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-kvm","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-aarch64","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-arm","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-common","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-mips","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-misc","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-ppc","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-sparc","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-system-x86","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-user","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-user-static","binary_version":"2.0.0+dfsg-2ubuntu1.22"},{"binary_name":"qemu-utils","binary_version":"2.0.0+dfsg-2ubuntu1.22"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-7549"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8504"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/
C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8550"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8558"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8567"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8568"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8613"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8619"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8666"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8743"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8744"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","
score":"medium"}],"id":"CVE-2015-8745"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-1568"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-1714"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-1922"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-1981"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-2198"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2891-1.json"}}],"schema_version":"1.7.3"}