QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive

Written by Michael Larabel in Virtualization on 27 July 2015 at 10:01 AM EDT. 9 Comments
Back in May was the big "VENOM" security vulnerability affecting QEMU, whereby a guest could escape VM isolation through QEMU's virtual floppy disk drive. In June there was a PCNET controller buffer overflow that allowed a guest to escape and gain host access. Today a similar security vulnerability is going public, this time in QEMU's virtual CD-ROM drive.

The new issue, CVE-2015-5154, is a heap overflow triggered while processing certain ATAPI commands. This flaw in QEMU's IDE subsystem could allow a privileged user in a guest that has a virtual/emulated CD-ROM drive to execute arbitrary code on the host system. In short, if the IDE CD-ROM device is enabled for the guest, current versions of QEMU can be exploited to run code on the host with the same privileges as the QEMU process, so guests that do not need the CD-ROM device at all are not exposed to this particular bug.
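Since the exposure hinges on whether an IDE CD-ROM is attached to a guest, the first thing an operator wants is a quick way to tell which running guests have one. The following is an added example, not code from the article or from the QEMU project: a POSIX shell function that inspects a QEMU command line for the three usual ways an IDE CD-ROM gets attached (`-cdrom FILE`, `-drive ...,media=cdrom` with `if=ide` or no `if=` at all, and an explicit `-device ide-cd,...`). The sample command lines at the bottom are constructed for the demo, and the assumption that a `-drive media=cdrom` without `if=` lands on the IDE bus reflects the x86 default machine types.

```shell
#!/bin/sh
# Added example (not from the article or the QEMU project): report whether a
# QEMU command line attaches an emulated IDE CD-ROM, the device through which
# the CVE-2015-5154 ATAPI heap overflow is reachable.
#
# Recognised spellings:
#   -cdrom FILE                 shorthand, an IDE CD-ROM on x86 default machines
#   -drive ...,media=cdrom,...  when if=ide is given, or if= is omitted
#                               (assumption: ide is the x86 default interface)
#   -device ide-cd,...          explicit device model, whatever the backing drive
#
# The function body runs in a subshell so that `set -f` (no globbing while the
# command line is word-split) does not leak into the caller; `exit` therefore
# only ends the subshell and becomes the function's return status.
qemu_cmdline_has_ide_cdrom() (
    set -f
    prev=
    for tok in $1; do
        case "$tok" in
            -cdrom)
                exit 0 ;;
            ide-cd|ide-cd,*)
                if [ "$prev" = "-device" ]; then exit 0; fi ;;
            *media=cdrom*)
                if [ "$prev" = "-drive" ]; then
                    case ",$tok," in
                        *,if=ide,*) exit 0 ;;           # explicitly on the IDE bus
                        *,if=*)     ;;                  # scsi, virtio, none, ...: not IDE
                        *)          exit 0 ;;           # no if= given: IDE by default
                    esac
                fi ;;
        esac
        prev=$tok
    done
    exit 1
)

# Constructed sample command lines for the demo (not captured from real hosts).
SAMPLE_SHORTHAND='qemu-system-x86_64 -m 1024 -cdrom /images/install.iso -hda /images/disk.qcow2'
SAMPLE_IDE_CD='qemu-system-x86_64 -drive file=/images/disk.qcow2,if=virtio -drive file=/images/install.iso,media=cdrom,if=none,id=cd0 -device ide-cd,drive=cd0,bus=ide.1'
SAMPLE_DEFAULT_IF='qemu-system-x86_64 -drive file=/images/install.iso,media=cdrom'
SAMPLE_SCSI_CD='qemu-system-x86_64 -drive file=/images/install.iso,media=cdrom,if=none,id=cd0 -device virtio-scsi-pci -device scsi-cd,drive=cd0'
SAMPLE_NO_CDROM='qemu-system-x86_64 -drive file=/images/disk.qcow2,if=virtio -netdev user,id=n0 -device virtio-net-pci,netdev=n0'

for c in "$SAMPLE_SHORTHAND" "$SAMPLE_IDE_CD" "$SAMPLE_DEFAULT_IF" "$SAMPLE_SCSI_CD" "$SAMPLE_NO_CDROM"; do
    if qemu_cmdline_has_ide_cdrom "$c"; then
        echo "IDE CD-ROM present: $c"
    else
        echo "no IDE CD-ROM:      $c"
    fi
done
```

On a live Linux host the same function can be fed the argument vectors of running guests, for example with `ps -o args= -C qemu-system-x86_64` piped line by line into it; a guest flagged this way should have the CD-ROM device detached (or the ISO ejected and the device removed from its definition) until the host's QEMU carries the fix.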

More details on CVE-2015-5154 are in the announcement, and patches addressing the vulnerability are currently available via the QEMU-devel list.