Bugzilla – Bug 962611
VUL-0: CVE-2014-3689: xen: vmware_vga: insufficient parameter validation in rectangle functions
Last modified: 2021-01-21 18:27:18 UTC
+++ This bug was initially created as a clone of Bug #901508 +++ CVE-2014-3689 A flaw was found in the way guest provided parameter validation was performed in vmware-vga driver in rectangle handling functionality. A privileged guest user could use this flaw to write into qemu address space on the host, pontentially escalating their privileges to that of qemu host process. References: https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html (upstream fix) https://bugzilla.redhat.com/show_bug.cgi?id=1153035 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3689
bugbot adjusting priority
This bug may be included in one or more of the submissions listed below. SUSE:SLE-12-SP1:Update: 98638 SUSE:SLE-12:Update: 98642 SUSE:SLE-11-SP4:Update: 98646 SUSE:SLE-11-SP3:Update: 98650 SUSE:SLE-11-SP2:Update: 98654 SUSE:SLE-11-SP1:Update:Teradata: 98658 SUSE:SLE-11-SP1:Update: 98662 SUSE:SLE-10-SP4:Update:Test: 98666 SUSE:SLE-10-SP3:Update:Test: 98670 openSUSE:Factory: 362063 openSUSE:Leap:42.1:Update: 362057 openSUSE:13.2:Update: 362060
openSUSE-SU-2016:0995-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 944463,944697,945989,956829,960334,960707,960725,960835,960861,960862,961332,961358,961691,962335,962360,962611,962627,962632,962642,962758,963782,964413,964431,964452,964644,964925,964929,964950,965156,965315,965317,967012,967969 CVE References: CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5239,CVE-2015-5278,CVE-2015-6815,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2392,CVE-2016-2538 Sources used: openSUSE 13.2 (src): xen-4.4.4_02-43.1
SUSE-SU-2016:1318-1: An update that solves 45 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 954872,956832,957988,958007,958009,958493,958523,958918,959006,959387,959695,960707,960726,960836,960861,960862,961332,961358,961692,962321,962335,962360,962611,962627,962632,962642,962758,963783,963923,964415,964431,964452,964644,964746,964925,964929,964947,964950,965112,965156,965269,965315,965317,967090,967101,968004,969125,969126 CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.4_02-22.19.1 SUSE Linux Enterprise Server 12 (src): xen-4.4.4_02-22.19.1 SUSE Linux Enterprise Desktop 12 (src): xen-4.4.4_02-22.19.1