Qemu Flaw Lets the Guest Escape

Jul 28, 2015

Xen project announces a privilege escalation problem for Qemu host systems

The Xen project has announced a bug (CVE-2015-5154) that allows a process running inside a Qemu virtual machine to escalate its privileges to the privilege level of the Qemu process. This exploit basically lets the guest process escape to the privileges of the host.

The attack uses the Qemu emulated IDE CDROM device. According to the Xen project, “All Xen systems running x86 HVM guests without stubdomains that have been configured with an emulated CD-ROM driver model are vulnerable.”

See the security page for your Linux vendor for more on how to fix the problem. The best advice is to avoid using an emulated CD-ROM device with Qemu until you have taken the necessary steps and installed the patch.

Related content

  • QEMU 2

    The new version of QEMU is a free virtualization solution that offers excellent stability and flexibility. We show how to deploy QEMU 2 in a Live environment.

  • QEMU and Qemu Manager

    Carry a virtual Linux machine with you wherever you go.

  • KVM

    KVM brings the kernel into the virualization game. We’ll explain why the Linux world is so interested in this promising virtualization alternative.

  • QEMU System Emulation

    Do you ever wish you could run Linux within Linux? Or how about DOS within Linux? QEMU is an open source application that lets you emulate a complete hardware environment within your Linux system.

  • KVM Front Ends

    If you want to care for a zoo full of exotic KVM guest systems on your desktop, you could use a little help from a graphical front end.

comments powered by Disqus

Issue 31: Linux Shell Handbook 9th Ed./Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)


njobs Europe
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia