Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 544328 (CVE-2015-1779) - <app-emulation/qemu-2.2.1-r2: vnc network decoding lacks checks (CVE-2015-1779)
Summary: <app-emulation/qemu-2.2.1-r2: vnc network decoding lacks checks (CVE-2015-1779)
Alias: CVE-2015-1779
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa cve]
Depends on:
Reported: 2015-03-24 13:18 UTC by Agostino Sarubbo
Modified: 2016-02-04 09:33 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-03-24 13:18:54 UTC

It was found that the QEMU's websocket frame decoder processed incoming
frames without limiting resources used to process the header and
payload. An attacker able to access a guest's VNC console could use this
flaw to trigger a denial of service on the host by exhausting all
available memory and CPU.


This issue was discovered by Daniel P. Berrange of Red Hat.

Upstream patch submission:


Due to inconsistent error checking, Qemu emulator allows malicious PRDT data 
to flow from a guest to the host's IDE or AHCI controllers. This could result 
in infinite loop or memory leakage on the host leading to unbounded resource 

A privileged user inside guest could use this flaw to crash the system,
resulting in DoS.

Upstream fix:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2015-03-28 03:50:40 UTC
the IDE change has been merged, but not the VNC one.  probably going to just wait for that to be sorted out first.
Comment 2 Agostino Sarubbo gentoo-dev 2015-03-29 12:49:44 UTC
(In reply to SpanKY from comment #1)
> the IDE change has been merged, but not the VNC one.  probably going to just
> wait for that to be sorted out first.

that's fine.
Comment 3 Agostino Sarubbo gentoo-dev 2015-04-09 14:49:25 UTC
from :

Upstream patches:;a=commit;h=a2bebfd6e09d;a=commit;h=2cdb5e142fb93

Please note that the first patch committed to QEMU project git is
slightly different than the initial submission as it includes fix
for a regression caused by the original patch.
Comment 4 SpanKY gentoo-dev 2015-04-12 00:13:15 UTC
the ide prdt fix is already in qemu-2.2.0, and that's already in stable

this bug is now just for the vnc issue
Comment 6 Agostino Sarubbo gentoo-dev 2015-05-14 07:10:24 UTC
+  14 May 2015; Agostino Sarubbo <>
+  -files/qemu-2.1.1-readlink-self.patch,
+  -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild,
+  -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild,
+  -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild,
+  qemu-2.2.1-r2.ebuild:
+  Stable for amd64/x86 - remove old.

Security please vote.
Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-10-31 16:26:51 UTC
GLSA Vote: Yes
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2015-11-09 22:02:24 UTC
Vote: NO.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 03:49:02 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:33:15 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at
by GLSA coordinator Kristian Fiskerstrand (K_F).