Information on Security Threat CVE-2015-5154

Server Maintenance

If you’re a developer, you may be interested to read this article in full. If not, feel free to skip to the Resolution section below.

Overview of CVE-2015-5154

Information on bug CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically, the flaw is in how QEMU’s IDE subsystem handles buffer access while processing certain ATAPI commands. Exploitation can allow for the execution of arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.

Summary

  • Made public on July 27, 2015
  • This flaw affects QEMU, a generic and open source machine emulator.
  • Allows an attacker to execute arbitrary code outside of their own virtual machine.

Resolution

In collaboration with our hosting partners at Liquid Web, BRNM will be installing a patch to correct this issue and rebooting all servers between 2:00AM and 7:00AM EDT, on July 28th, 2015.

No action is needed on your part, but please keep in mind that access to your website may be slow or redirected to a maintenance page at some point during this time period.

Further information may be available at: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154
