CVE-2015-5154

Publication date 27 July 2015

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Read the notes from the security team

Status

Package Ubuntu Release Status
qemu 15.04 vivid
Fixed 1:2.2+dfsg-5expubuntu9.3
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 2.0.0+dfsg-2ubuntu1.15
12.04 LTS precise Not in release
qemu-kvm 15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise
Not affected
xen 15.04 vivid
Not affected
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 4.4.2-0ubuntu0.14.04.2
12.04 LTS precise
Fixed 4.1.6.1-0ubuntu0.12.04.6

Notes


mdeslaur

This is XSA-138 introduced by http://git.qemu.org/?p=qemu.git;a=commit;h=ce560dcf