CVE-2015-5154

Description

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Affected packages (2)

• Debian/qemufrom 0, < 1:2.4+dfsg-1a
• Debian/xenfrom 0, < 4.4.0-1

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-5154