7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
40.4%
CentOS Errata and Security Advisory CESA-2015:1925
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems.
A heap buffer overflow flaw was found in the way QEMU’s NE2000 NIC
emulation implementation handled certain packets received over the network.
A privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on
the host. (CVE-2015-5279)
Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.
All kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Note: The procedure in
the Solution section must be performed before this update will take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-October/083606.html
Affected packages:
kmod-kvm
kmod-kvm-debug
kvm
kvm-qemu-img
kvm-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1925
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | x86_64 | kmod-kvm | < 83-274.el5.centos | kmod-kvm-83-274.el5.centos.x86_64.rpm |
CentOS | 5 | x86_64 | kmod-kvm-debug | < 83-274.el5.centos | kmod-kvm-debug-83-274.el5.centos.x86_64.rpm |
CentOS | 5 | x86_64 | kvm | < 83-274.el5.centos | kvm-83-274.el5.centos.x86_64.rpm |
CentOS | 5 | x86_64 | kvm-qemu-img | < 83-274.el5.centos | kvm-qemu-img-83-274.el5.centos.x86_64.rpm |
CentOS | 5 | x86_64 | kvm-tools | < 83-274.el5.centos | kvm-tools-83-274.el5.centos.x86_64.rpm |