Bug 528922 (CVE-2014-3689) - <app-emulation/qemu-2.1.2-r2: vmware_vga: insufficient parameter validation in rectangle functions (CVE-2014-3689)
Summary: <app-emulation/qemu-2.1.2-r2: vmware_vga: insufficient parameter validation i...
Alias: CVE-2014-3689
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2014-11-11 13:52 UTC by Agostino Sarubbo
Modified: 2014-12-24 21:29 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2014-11-11 13:52:20 UTC
From ${URL} :

A flaw was found in the way guest-provided parameter validation was performed
in the vmware-vga driver in the rectangle handling functionality.

A privileged guest user could use this flaw to write into the qemu address space
on the host, potentially escalating their privileges to that of the qemu host.

Proposed upstream fix:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
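As an added illustration of the kind of check the description above calls for (written for this page, not QEMU's vmware_vga code or its upstream fix): a guest-supplied rectangle is validated against the framebuffer geometry before any write, with the sum computed in 64 bits so that x + w cannot wrap around. The framebuffer dimensions, the rect_t layout and the fill routine are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <limits.h>

/* Constructed framebuffer geometry for this example (not QEMU's values). */
#define FB_WIDTH  640
#define FB_HEIGHT 480
#define FB_BPP    4   /* bytes per pixel */

/* Rectangle as it would arrive from guest-controlled registers. */
typedef struct {
    int x, y, w, h;
} rect_t;

/* True only if the rectangle lies entirely inside a fb_w x fb_h framebuffer.
 * Negative origins and empty extents are rejected; the upper-bound check is
 * done in int64_t so a huge w or h cannot overflow int and pass the test. */
static bool rect_is_valid(const rect_t *r, int fb_w, int fb_h)
{
    if (fb_w <= 0 || fb_h <= 0)
        return false;
    if (r->x < 0 || r->y < 0 || r->w <= 0 || r->h <= 0)
        return false;
    if ((int64_t)r->x + r->w > fb_w || (int64_t)r->y + r->h > fb_h)
        return false;
    return true;
}

/* Hardened fill: refuses the request instead of writing past the buffer.
 * Returns 0 on success, -1 if the buffer is too small or the rect is invalid. */
static int fill_rect_checked(uint8_t *fb, size_t fb_len, int fb_w, int fb_h,
                             const rect_t *r, uint8_t value)
{
    if (fb_len < (size_t)fb_w * (size_t)fb_h * FB_BPP)
        return -1;
    if (!rect_is_valid(r, fb_w, fb_h))
        return -1;
    for (int row = 0; row < r->h; row++) {
        /* Every offset here is inside the buffer thanks to rect_is_valid(). */
        size_t off = ((size_t)(r->y + row) * (size_t)fb_w + (size_t)r->x) * FB_BPP;
        memset(fb + off, value, (size_t)r->w * FB_BPP);
    }
    return 0;
}
```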
Comment 1 SpanKY gentoo-dev 2014-11-12 02:38:26 UTC
There are a few CLs that went in ... not sure how many matter here. Then again, qemu-2.2.0 is in the pipeline (already has RCs out), so it would be easier to wait for that. I don't think this is a critical bug, as I'm not sure the vmware vga driver is commonly used.
Comment 2 Matthias Maier gentoo-dev 2014-12-14 22:48:12 UTC
*qemu-2.1.2-r2 (14 Dec 2014)

  14 Dec 2014; Matthias Maier <> +qemu-2.1.2-r2.ebuild:
  backport fixes for bugs #530498, #531666 (CVE-2014-8106), #529030
  (CVE-2014-7840), #528922 (528922)

*qemu-2.2.0 (14 Dec 2014)

  14 Dec 2014; Matthias Maier <> +qemu-2.2.0.ebuild,
  version bump; cleanup whitespace in metadata.xml

Vulnerable version left in tree: 2.1.2-r1
Unaffected: 2.1.2-r2, 2.2.0

Stabilization for 2.1.2-r2 on bug #531666
Comment 3 Matthias Maier gentoo-dev 2014-12-21 15:43:11 UTC
Security, please vote.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-12-22 03:12:39 UTC
Kristian Fiskerstrand gentoo-dev Security 2014-12-21 10:53:53 EST - in Bug 53166
GLSA Vote: Yes along with bug 528922 and bug 529030

Maintainer(s), Thank you for cleanup!

GLSA Vote: Yes
Added to an existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 21:25:32 UTC
This issue was resolved and addressed in
 GLSA 201412-37 at
by GLSA coordinator Yury German (BlueKnight).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 21:29:10 UTC
This issue was resolved and addressed in
 GLSA 201412-37 at
by GLSA coordinator Yury German (BlueKnight).