| Description: | Laszlo Ersek discovered that QEMU incorrectly handled memory in the vgadevice. A malicious guest could possibly use this issue to read arbitraryhost memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.(CVE-2014-3615)Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectlyhandled certain udp packets when using guest networking. A malicious guestcould possibly use this issue to cause a denial of service. (CVE-2014-3640)It was discovered that QEMU incorrectly handled parameter validation inthe vmware_vga device. A malicious guest could possibly use this issue towrite into memory of the host, leading to privilege escalation.(CVE-2014-3689)It was discovered that QEMU incorrectly handled USB xHCI controller livemigration. An attacker could possibly use this issue to cause a denial ofservice, or possibly execute arbitrary code. This issue only affectedUbuntu 14.04 LTS. (CVE-2014-5263)Michael S. Tsirkin discovered that QEMU incorrectly handled memory in theACPI PCI hotplug interface. A malicious guest could possibly use this issueto access memory of the host, leading to information disclosure orprivilege escalation. This issue only affected Ubuntu 14.04 LTS.(CVE-2014-5388)James Spadaro discovered that QEMU incorrectly handled certain VNCbytes_per_pixel values. An attacker having access to a VNC console couldpossibly use this issue to cause a guest to crash, resulting in a denial ofservice. (CVE-2014-7815) |