[UCI-Linux] Vulnerability in QEMU/Xen/KVM

Andrew Laurence atlauren at uci.edu
Wed May 13 09:46:51 PDT 2015


A c.2004 bug in the QEMU floppy controller allows attackers to break out of the VM guest environment.

http://venom.crowdstrike.com/
http://arstechnica.com/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

Available patches include...
 QEMU: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
 Xen Project: http://xenbits.xen.org/xsa/advisory-133.html
 Red Hat: https://access.redhat.com/articles/1444903


-- 
Andrew Laurence                Office of Information Technology 
atlauren at uci.edu               University of California, Irvine


