NVD Vulnerability Detail

CVE-2015-5225

Summary	Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
Publication Date	Nov. 7, 2015, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:52 p.m.
Last Update	Nov. 21, 2024, 11:32 a.m.

CVSS2.0 : HIGH
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:openstack:5.0:::::::*
cpe:2.3:a:redhat:openstack:7.0:::::::*
cpe:2.3:a:redhat:openstack:6.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:22:::::::*
cpe:2.3:o:fedoraproject:fedora:23:::::::*
cpe:2.3:o:fedoraproject:fedora:21:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu::::::::			2.4.0

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
3	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html
4	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html
5	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html
7	http://rhn.redhat.com/errata/RHSA-2015-1772.html
8	http://rhn.redhat.com/errata/RHSA-2015-1772.html
9	http://rhn.redhat.com/errata/RHSA-2015-1837.html
10	http://rhn.redhat.com/errata/RHSA-2015-1837.html
11	http://www.debian.org/security/2015/dsa-3348
12	http://www.debian.org/security/2015/dsa-3348
13	http://www.openwall.com/lists/oss-security/2015/08/21/6
14	http://www.openwall.com/lists/oss-security/2015/08/21/6
15	http://www.securityfocus.com/bid/76506
16	http://www.securityfocus.com/bid/76506
17	http://www.securitytracker.com/id/1033547
18	http://www.securitytracker.com/id/1033547
19	https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
20	https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
21	https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html	Patch Vendor Advisory
22	https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html	Patch Vendor Advisory
23	https://security.gentoo.org/glsa/201602-01
24	https://security.gentoo.org/glsa/201602-01

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

QEMU の VNC ディスプレイドライバの vnc_refresh_server_surface 関数におけるバッファオーバーフローの脆弱性

Title	QEMU の VNC ディスプレイドライバの vnc_refresh_server_surface 関数におけるバッファオーバーフローの脆弱性
Summary	QEMU の VNC ディスプレイドライバの vnc_refresh_server_surface 関数には、サーバディスプレイのサーフェスのリフレッシュに関する処理に不備があるため、バッファオーバーフローの脆弱性が存在します。
Possible impacts	ゲストユーザにより、サービス運用妨害 (ヒープメモリ破損およびプロセスクラッシュ) 状態にされる、またはホスト上で任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 21, 2015, midnight
Registration Date	Nov. 10, 2015, 3:43 p.m.
Last Update	Nov. 10, 2015, 3:43 p.m.

Affected System

レッドハット

Red Hat OpenStack 5.0

Red Hat OpenStack 6.0

Fedora Project

Fedora 21

Fedora 22

Fedora 23

Fabrice Bellard

QEMU 2.4.0.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-5225	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225
National Vulnerability Database (NVD)
2	CVE-2015-5225	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5225

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Fedora Update Notification
1	FEDORA-2015-14783	https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html
2	FEDORA-2015-15364	https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html
3	FEDORA-2015-16368	https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
Qemu-devel
4	[ANNOUNCE] QEMU 2.4.0.1 CVE update released	https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
5	[PATCH] vnc: fix memory corruption (CVE-2015-5225)	https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
Red Hat Security Advisory
6	RHSA-2015:1772	https://rhn.redhat.com/errata/RHSA-2015-1772.html
7	RHSA-2015:1837	https://rhn.redhat.com/errata/RHSA-2015-1837.html

Change Log

No	Changed Details	Date of change
0	[2015年11月10日] 掲載	Feb. 17, 2018, 10:37 a.m.