CVE-2014-2894

Опубликовано: 14 апр. 2014

Источник: redhat

CVSS2: 4

Описание

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

Отчет

This issue does not affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Not affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	qemu-kvm-rhev	Affected
OpenStack 3 for RHEL 6	qemu-kvm-rhev	Fixed	RHSA-2014:0888	24.07.2014
OpenStack 4 for RHEL 6	qemu-kvm-rhev	Fixed	RHSA-2014:0888	24.07.2014
Red Hat Enterprise Linux 6	qemu-kvm	Fixed	RHSA-2014:0743	10.06.2014
Red Hat Enterprise Linux 7	qemu-kvm	Fixed	RHSA-2014:0704	10.06.2014
RHEV 3.X Hypervisor and Agents for RHEL-6	qemu-kvm-rhev	Fixed	RHSA-2014:0744	10.06.2014
RHEV 3.X Hypervisor and Agents for RHEL-6	rhev-hypervisor6	Fixed	RHSA-2014:0674	09.06.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1087971QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART

4 Medium

CVSS2

Связанные уязвимости

CVE-2014-2894

ubuntu

больше 11 лет назад

CVE-2014-2894

nvd

больше 11 лет назад

CVE-2014-2894

debian

больше 11 лет назад

Off-by-one error in the cmd_smart function in the smart self test in h ...

GHSA-5v9x-x46w-vf3f

github

около 3 лет назад

ELSA-2014-0704

oracle-oval

около 11 лет назад

ELSA-2014-0704: qemu-kvm security and bug fix update (MODERATE)

4 Medium

CVSS2