Qemu Flaw Lets the Guest Escape

Jul 28, 2015

Xen project announces a privilege escalation problem for Qemu host systems

The Xen project has announced a bug (CVE-2015-5154) that allows a process running inside a Qemu virtual machine to escalate its privileges to the privilege level of the Qemu process. In effect, the flaw lets a guest process escape the virtual machine and act on the host with the privileges of the Qemu process.

The attack uses Qemu's emulated IDE CD-ROM device. According to the Xen project, “All Xen systems running x86 HVM guests without stubdomains that have been configured with an emulated CD-ROM driver model are vulnerable.”

See the security page for your Linux vendor for more on how to fix the problem. The best advice is to avoid using an emulated CD-ROM device with Qemu until you have taken the necessary steps and installed the patch.
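
One way to act on that advice is to audit Qemu command lines for an emulated IDE CD-ROM before and after patching. This is an added example, not code from the article or from the Xen or Qemu projects; the function names and sample command lines are constructed, and it relies only on the standard Qemu options `-cdrom`, `-drive`, `-device ide-cd` and `-nodefaults`.

```python
import shlex

def parse_opts(value):
    """Parse a QEMU 'k=v,k=v' option string; ',,' is an escaped literal comma."""
    opts = {}
    for i, part in enumerate(value.replace(",,", "\0").split(",")):
        key, sep, val = part.replace("\0", ",").partition("=")
        if i == 0 and not sep:
            opts["driver"] = key          # bare first token, e.g. "-device ide-cd,..."
        else:
            opts[key] = val if sep else "on"
    return opts

def find_emulated_cdrom(cmdline):
    """Return (reason, argument) pairs for each way the command line attaches an IDE CD-ROM."""
    argv = shlex.split(cmdline)
    findings = []
    for i, arg in enumerate(argv):
        if arg.startswith("--"):
            arg = arg[1:]                 # QEMU accepts -opt and --opt
        value = argv[i + 1] if i + 1 < len(argv) else ""
        if arg == "-cdrom":
            findings.append(("cdrom shortcut", value))
        elif arg == "-drive":
            opts = parse_opts(value)
            # Assumption: a drive without if= lands on IDE (default on the x86 "pc" machine).
            if opts.get("media") == "cdrom" and opts.get("if", "ide") == "ide":
                findings.append(("ide cdrom drive", value))
        elif arg == "-device" and parse_opts(value).get("driver") == "ide-cd":
            findings.append(("ide-cd device", value))
    # Without -nodefaults QEMU creates its default devices, which include a CD-ROM drive.
    if not any(a.lstrip("-") == "nodefaults" for a in argv):
        findings.append(("default devices enabled", "-nodefaults not set"))
    return findings

# Constructed sample command lines (not taken from any real host).
SAMPLES = {
    "installer": "qemu-system-x86_64 -nodefaults -drive file=/vm/disk.qcow2,if=virtio -cdrom /iso/install.iso",
    "explicit":  "qemu-system-x86_64 -nodefaults -drive file=/iso/a,,b.iso,media=cdrom,if=none,id=cd0 "
                 "-device ide-cd,drive=cd0,bus=ide.1",
    "clean":     "qemu-system-x86_64 -nodefaults -drive file=/vm/disk.qcow2,if=virtio",
    "defaults":  "qemu-system-x86_64 -drive file=/vm/disk.qcow2,if=virtio",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name, find_emulated_cdrom(cmd))
```

An empty result means no CD-ROM was found on that command line; it says nothing about whether the installed Qemu build carries the patch.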
