QEMU multiple local security bypass vulnerabilities (CVE-2014-3689)
Release date:
Updated on:
Affected Systems:
QEMU
Description:
Bugtraq id: 70997
CVE (CAN) ID: CVE-2014-3689
QEMU is an open source simulator software.
QEMU's vmware-vga driver (hw/display/vmware_vga.c) has a local denial-of-service vulnerability. Local attackers can exploit this vulnerability to write data to qemu memory locations and obtain elevated permissions.
<* Source: Petr Matousek (pmatouse @ ...hat.com)
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.debian.org/security/2014/dsa-3067
Http://fabrice.bellard.free.fr/qemu/
Http://git.qemu.org /? P = qemu. git; a = commit; h = e6908bfe8e07f2b452e78e677da1b45b1c0f6829
Ubuntu 12.04 cannot find the Qemu command
Install QEMU + efi bios on Arch Linux
QEMU translation framework and debugging tools
QEMU details: click here
QEMU: click here
This article permanently updates the link address: