Bug 942845 (CVE-2015-5225) - VUL-0: CVE-2015-5225 Qemu: ui: vnc: heap memory corruption in vnc_refresh_server_surface
Status: RESOLVED FIXED
Alias: CVE-2015-5225
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Assignee: Andreas Färber
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/132657/
Whiteboard: CVSSv2:SUSE:CVE-2015-5225:6.5:(AV:A/A...
Reported: 2015-08-24 07:52 UTC by Sebastian Krahmer
Modified: 2016-07-21 16:21 UTC
Found By: Security Response Team


Description Sebastian Krahmer 2015-08-24 07:52:43 UTC
Quoting from RH bz initial comment:

"Qemu emulator built with the VNC display driver support is vulnerable to a
buffer overflow flaw leading to heap memory corruption. It could occur while
refreshing the server display surface via routine vnc_refresh_server_surface().

A privileged guest user could use this flaw to corrupt the heap memory and crash the Qemu process instance OR potentially use it to execute arbitrary code on the host."

rh#1255896



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1255896
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5225
http://seclists.org/oss-sec/2015/q3/418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225
Comment 1 Swamp Workflow Management 2015-08-24 22:00:28 UTC
bugbot adjusting priority
Comment 7 Victor Pereira 2015-09-10 14:15:36 UTC
Thank you for the analysis! Will you submit it for SLE12-SP1?
Comment 9 Johannes Segitz 2016-07-21 14:25:47 UTC
Fixed everywhere.