[pve-devel] CVE-2015-3456

Eric Blevins ericlb100 at gmail.com
Wed May 13 18:44:08 CEST 2015


Is Proxmox vulnerable to CVE-2015-3456?

https://securityblog.redhat.com/tag/cve-2015-3456/
>From the article:
It can result in guest controlled execution of arbitrary code in, and
with privileges of, the corresponding QEMU process on the host. Worst
case scenario this can be guest to host exit with the root privileges.


Can we expect Proxmox to stop running KVM processes as root in the near future?



More information about the pve-devel mailing list