Red.Hat.Oracle.Update.for.qemu-kvm.2014-1075

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
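The advisory does not say which header fields the two flaws involve. As an added example (not QEMU's code and not the vendor's patch), the following shows the checks a parser needs before it uses size fields from an untrusted QCOW version 1 header in shifts and allocation arithmetic. Field offsets follow the QCOW version 1 on-disk header; the function names, status codes and numeric limits are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QCOW_MAGIC    0x514649fbU   /* 'Q' 'F' 'I' 0xfb */
#define QCOW1_HDR_LEN 48            /* size of the packed version 1 header */

enum qcow1_status { QCOW1_OK, QCOW1_NOT_V1, QCOW1_BAD_BITS, QCOW1_BAD_SIZE };

/* Read an n-byte big-endian integer (QCOW header fields are big-endian). */
static uint64_t be(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Validate an untrusted QCOW1 header; on success store the L1 table size in bytes. */
enum qcow1_status qcow1_check_header(const uint8_t *h, size_t len, uint64_t *l1_bytes) {
    if (len < QCOW1_HDR_LEN || be(h, 4) != QCOW_MAGIC || be(h + 4, 4) != 1)
        return QCOW1_NOT_V1;
    uint64_t size = be(h + 24, 8);               /* virtual disk size in bytes */
    unsigned cluster_bits = h[32], l2_bits = h[33];
    /* Bound both widths before shifting (limits are illustrative assumptions). */
    if (cluster_bits < 9 || cluster_bits > 16 || l2_bits < 6 || l2_bits > 13)
        return QCOW1_BAD_BITS;
    uint64_t span = (uint64_t)1 << (cluster_bits + l2_bits);  /* bytes per L1 entry */
    if (size > UINT64_MAX - span)                /* the round-up below would wrap */
        return QCOW1_BAD_SIZE;
    uint64_t entries = (size + span - 1) / span;
    if (entries > INT_MAX / sizeof(uint64_t))    /* byte count must fit in an int */
        return QCOW1_BAD_SIZE;
    *l1_bytes = entries * sizeof(uint64_t);
    return QCOW1_OK;
}

/* Build a constructed sample header for demonstration (not a real image). */
void make_header(uint8_t h[QCOW1_HDR_LEN], uint32_t ver, uint64_t size, uint8_t cb, uint8_t l2b) {
    memset(h, 0, QCOW1_HDR_LEN);
    for (int i = 0; i < 4; i++) h[i] = (uint8_t)(QCOW_MAGIC >> (24 - 8 * i));
    for (int i = 0; i < 4; i++) h[4 + i] = (uint8_t)(ver >> (24 - 8 * i));
    for (int i = 0; i < 8; i++) h[24 + i] = (uint8_t)(size >> (56 - 8 * i));
    h[32] = cb; h[33] = l2b;
}

int main(void) {
    uint8_t h[QCOW1_HDR_LEN]; uint64_t l1 = 0;
    make_header(h, 1, UINT64_MAX, 12, 9);        /* constructed oversized size field */
    printf("status=%d\n", qcow1_check_header(h, sizeof h, &l1));
    return 0;
}
```

Without the range and wrap checks, the table size computed from the header can come out far smaller than the data later written into it, which is the memory-corruption pattern the description refers to.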

Affected Products

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
Oracle Linux 6

Impact

This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service condition on a vulnerable system.

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)