Gentoo Linux Security Advisory 201612-27 - Multiple vulnerabilities have been found in VirtualBox, the worst of which allows local users to escalate privileges. Versions before 4.3.28 are affected.
8018cb397a0a196ca1155a3ee23c7a87d2f3e59d927afeeae104ca1ff0205aa0
Gentoo Linux Security Advisory 201604-3 - Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Versions less than 4.6.0-r9 are affected.
a7e9bd9d6342dd146c7a64ee40be706e83549d090ba7149e7ac964a6280a8109
Gentoo Linux Security Advisory 201602-1 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected.
cae04eed58ae8cd630be1884c1bb0f33cd229432b115814282bbffc1e4740738
HP Security Bulletin HPSBMU03349 1 - A potential security vulnerability has been identified with HP Helion CloudSystem. The vulnerability could be exploited locally resulting in Denial of Service (DoS) or execution of arbitrary code. Notes: This is the vulnerability known as "Virtual Environment Neglected Operations Manipulation" also known as "VENOM". This vulnerability exists in the floppy disk controller driver of QEMU, an open-source virtualization technology used to provision guest Virtual Machines. This vulnerability affects all versions of QEMU and could lead to hypervisor breakout, where a user of the guest VM can gain control of the host. HP Helion CloudSystem leverages QEMU as a core part of its virtualization functionality and is therefore affected by this vulnerability. Revision 1 of this advisory.
98a9283d333907883fa3dcd3c1601d04aa5b59a6594cc587e75494a7a0b44299
Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.
e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551e
Red Hat Security Advisory 2015-1031-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
93eb47392028955345a8256ae44071c1080466c5f4ea43f0ba141a0112927614
HP Security Bulletin HPSBMU03336 - A potential security vulnerability has identified with HP Helion OpenStack. The vulnerability could be exploited resulting in Denial of Service (DoS) or execution of arbitrary code. Revision 1 of this advisory.
7704cc07176751fa9734b71a387deda7db02facc204f3c1ed040b34d5919fac8
Debian Linux Security Advisory 3262-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.
f85b7e0dba35842d0a29aa4cdf7466ad52be076a8bdee2b113210207ea2f0fe7
Red Hat Security Advisory 2015-1011-01 - The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
fcbc36d6af9b56bdac9fa408b51df2cd12d225527fdf8a1df853277bc89bbdfd
Red Hat Security Advisory 2015-1004-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
3ab0adad6fdda3667b0f1e811a8d230ad26a1f9bb5f02a2fa6f520bf3b3b42f7
Red Hat Security Advisory 2015-1000-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
03f03d53cedd59584831f1b0029666475f5a81ddb57f12c6ce52d258b2f1a3cd
Red Hat Security Advisory 2015-0999-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
8b8a9a5f38747ef44b28cfced166cfbeee90228726e80b1798327876421a726a
Red Hat Security Advisory 2015-1001-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
601caacd379172315f6cfffb985b4159a96e67bb16763d5a658276647f625617
Red Hat Security Advisory 2015-1003-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
422cb9cd2c5794c27203769b3c622eee2665f29cb4a6305ca8a00af32b1ea44b
Red Hat Security Advisory 2015-1002-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
36b8dc0dc040f168bcfb6d3931f9b68020149d31e605934b0251afd569aa45b8
Red Hat Security Advisory 2015-0998-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
4560d87105d92523f195c69d8a771fe7e08b0abb29590473f66f27e5963fe158
Ubuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.
8016922249d1200857b855be754556a4986b2239c15572207796d8c4f2e6d88f
Debian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.
0023f319a16ece6a882500e80e69ae44288802e335ef47565d8d36f8fc537ea8