| Description: | Summary:
The remote host is missing an update for the 'KVM' package(s) announced via the SUSE-SU-2014:0816-1 advisory.
Vulnerability Insight:
Several security issues in KVM have been fixed. Some issues could have resulted in arbitrary code execution or crash of the kvm host.
* virtio-net: buffer overflow in virtio_net_handle_mac() function
(CVE-2014-0150)
* Fixed out of bounds buffer accesses, guest triggerable via IDE SMART
(CVE-2014-2894)
*
Fixed various virtio-net buffer overflows
(CVE-2013-4148,CVE-2013-4149,CVE-2013-4150,CVE-2013-4151)
*
Fixed ahci buffer overrun (CVE-2013-4526)
* Fixed hpet buffer overrun (CVE-2013-4527)
* Fixed a PCIE-AER buffer overrun (CVE-2013-4529)
* Fixed a buffer overrun in pl022 (CVE-2013-4530)
* Fixed a vmstate buffer overflow (CVE-2013-4531)
* Fixed a pxa2xx buffer overrun (CVE-2013-4533)
* Fixed a openpic buffer overrun (CVE-2013-4534)
* Validate virtio num_sg mapping (CVE-2013-4535 / CVE-2013-4536)
* Fixed ssi-sd buffer overrun (CVE-2013-4537)
* Fixed ssd0323 buffer overrun (CVE-2013-4538)
* Fixed tsc210x buffer overrun (CVE-2013-4539)
* Fixed Zaurus buffer overrun (CVE-2013-4540)
* Some USB sanity checking added (CVE-2013-4541)
* Fixed virtio scsi buffer overrun (CVE-2013-4542)
* Fixed another virtio buffer overrun (CVE-2013-6399)
* Validate config_len on load in virtio (CVE-2014-0182)
Security Issue references:
* CVE-2014-0150
* CVE-2014-2894
Affected Software/OS:
'KVM' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP3.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
