Xen VM schema

CVE-2015-5154

A heap overflow flaw was found in the way QEMU’s IDE subsystem
handled I/O buffer access while processing certain ATAPI commands.

A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.

All Xen systems running x86 HVM guests without stubdomains which have been configured with an emulated CD-ROM driver model are vulnerable.

Systems using qemu-dm stubdomain device models (for example, by specifying “device_model_stubdomain_override=1” in xl’s domain configuration files) are NOT vulnerable.

Both the traditional (“qemu-xen-traditional”) and upstream-based
(“qemu-xen”) qemu device models are potentially vulnerable.
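The exposure conditions above (HVM guest, emulated CD-ROM, no stubdomain device model) can be checked against xl domain configuration files. The following is an added example, not part of the advisory or of Xen's tooling. It assumes an x86 host and uses a simplified parser, the function names and sample configs are constructed for illustration, and it reports configuration exposure only, not whether the installed QEMU is patched.

```python
import re

# Constructed sample xl domain configs (illustrative, not taken from the advisory).
SAMPLE_EXPOSED = '''
name = "guest-a"
builder = "hvm"
device_model_version = "qemu-xen"
disk = [ '/dev/vg/guest-a,raw,hda,rw', '/srv/iso/install.iso,raw,hdc,ro,cdrom' ]
'''
SAMPLE_STUBDOM = SAMPLE_EXPOSED + 'device_model_stubdomain_override = 1\n'
SAMPLE_PV = '''
name = "guest-b"
kernel = "/boot/vmlinuz"
disk = [ '/dev/vg/guest-b,raw,xvda,rw' ]
'''

# "cdrom" as a disk-spec token: positional keyword, devtype=cdrom, or legacy hdc:cdrom.
CDROM_RE = re.compile(r'(?:^|[,:=\s])cdrom(?:$|[,\s])')

def parse_xl_cfg(text):
    """Return (scalar settings, disk spec strings) from xl config text."""
    text = re.sub(r'#.*', '', text)  # drop comments
    scalars = dict(re.findall(
        r'^\s*(\w+)\s*=\s*["\']?([\w.\-/]+)["\']?\s*$', text, re.M))
    m = re.search(r'^\s*disk\s*=\s*\[(.*?)\]', text, re.M | re.S)
    disks = re.findall(r'["\']([^"\']*)["\']', m.group(1)) if m else []
    return scalars, disks

def exposed_to_cve_2015_5154(text):
    """True when the config matches the vulnerable layout described above."""
    scalars, disks = parse_xl_cfg(text)
    # HVM is selected with type="hvm" or the older builder="hvm".
    is_hvm = "hvm" in (scalars.get("type"), scalars.get("builder"))
    # A stubdomain device model takes the guest out of the vulnerable set.
    stubdom = scalars.get("device_model_stubdomain_override") == "1"
    has_cdrom = any(CDROM_RE.search(d) for d in disks)
    return is_hvm and has_cdrom and not stubdom

if __name__ == "__main__":
    for label, cfg in [("hvm+cdrom", SAMPLE_EXPOSED),
                       ("hvm+cdrom+stubdom", SAMPLE_STUBDOM),
                       ("pv", SAMPLE_PV)]:
        print(label, "EXPOSED" if exposed_to_cve_2015_5154(cfg) else "not exposed")
```

To audit a host, feed it the contents of each guest's configuration file; guests flagged as exposed need either a patched QEMU or one of the configurations listed above as not vulnerable.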
