Vulnerability Details CVE-2014-0148
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.6%
CVSS Severity
CVSS v3 Score 5.5
References
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6
- http://rhn.redhat.com/errata/RHSA-2014-0420.html
- http://rhn.redhat.com/errata/RHSA-2014-0421.html
- http://www.openwall.com/lists/oss-security/2014/03/26/8
- https://bugzilla.redhat.com/show_bug.cgi?id=1078212
- https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6
- http://rhn.redhat.com/errata/RHSA-2014-0420.html
- http://rhn.redhat.com/errata/RHSA-2014-0421.html
- http://www.openwall.com/lists/oss-security/2014/03/26/8
- https://bugzilla.redhat.com/show_bug.cgi?id=1078212
- https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html
Products affected by CVE-2014-0148
-
cpe:2.3:a:qemu:qemu:-
-
cpe:2.3:a:qemu:qemu:0.1
-
cpe:2.3:a:qemu:qemu:0.1.0
-
cpe:2.3:a:qemu:qemu:0.1.1
-
cpe:2.3:a:qemu:qemu:0.1.2
-
cpe:2.3:a:qemu:qemu:0.1.3
-
cpe:2.3:a:qemu:qemu:0.1.4
-
cpe:2.3:a:qemu:qemu:0.1.5
-
cpe:2.3:a:qemu:qemu:0.1.6
-
cpe:2.3:a:qemu:qemu:0.10.0
-
cpe:2.3:a:qemu:qemu:0.10.1
-
cpe:2.3:a:qemu:qemu:0.10.2
-
cpe:2.3:a:qemu:qemu:0.10.3
-
cpe:2.3:a:qemu:qemu:0.10.4
-
cpe:2.3:a:qemu:qemu:0.10.5
-
cpe:2.3:a:qemu:qemu:0.10.6
-
cpe:2.3:a:qemu:qemu:0.11.0
-
cpe:2.3:a:qemu:qemu:0.11.0-rc0
-
cpe:2.3:a:qemu:qemu:0.11.0-rc1
-
cpe:2.3:a:qemu:qemu:0.11.0-rc2
-
cpe:2.3:a:qemu:qemu:0.11.1
-
cpe:2.3:a:qemu:qemu:0.12.0
-
cpe:2.3:a:qemu:qemu:0.12.1
-
cpe:2.3:a:qemu:qemu:0.12.2
-
cpe:2.3:a:qemu:qemu:0.12.3
-
cpe:2.3:a:qemu:qemu:0.12.4
-
cpe:2.3:a:qemu:qemu:0.12.5
-
cpe:2.3:a:qemu:qemu:0.13.0
-
cpe:2.3:a:qemu:qemu:0.14.0
-
cpe:2.3:a:qemu:qemu:0.14.1
-
cpe:2.3:a:qemu:qemu:0.15.0
-
cpe:2.3:a:qemu:qemu:0.15.1
-
cpe:2.3:a:qemu:qemu:0.15.2
-
cpe:2.3:a:qemu:qemu:0.2
-
cpe:2.3:a:qemu:qemu:0.2.0
-
cpe:2.3:a:qemu:qemu:0.3
-
cpe:2.3:a:qemu:qemu:0.3.0
-
cpe:2.3:a:qemu:qemu:0.4
-
cpe:2.3:a:qemu:qemu:0.4.0
-
cpe:2.3:a:qemu:qemu:0.4.1
-
cpe:2.3:a:qemu:qemu:0.4.2
-
cpe:2.3:a:qemu:qemu:0.4.3
-
cpe:2.3:a:qemu:qemu:0.4.4
-
cpe:2.3:a:qemu:qemu:0.5.0
-
cpe:2.3:a:qemu:qemu:0.5.1
-
cpe:2.3:a:qemu:qemu:0.5.2
-
cpe:2.3:a:qemu:qemu:0.5.3
-
cpe:2.3:a:qemu:qemu:0.5.4
-
cpe:2.3:a:qemu:qemu:0.5.5
-
cpe:2.3:a:qemu:qemu:0.6.0
-
cpe:2.3:a:qemu:qemu:0.6.1
-
cpe:2.3:a:qemu:qemu:0.7.0
-
cpe:2.3:a:qemu:qemu:0.7.1
-
cpe:2.3:a:qemu:qemu:0.7.2
-
cpe:2.3:a:qemu:qemu:0.8.0
-
cpe:2.3:a:qemu:qemu:0.8.1
-
cpe:2.3:a:qemu:qemu:0.8.2
-
cpe:2.3:a:qemu:qemu:0.9.0
-
cpe:2.3:a:qemu:qemu:0.9.1
-
cpe:2.3:a:qemu:qemu:0.9.1-5
-
cpe:2.3:a:qemu:qemu:1
-
cpe:2.3:a:qemu:qemu:1.0
-
cpe:2.3:a:qemu:qemu:1.0.1
-
cpe:2.3:a:qemu:qemu:1.1
-
cpe:2.3:a:qemu:qemu:1.1.0
-
cpe:2.3:a:qemu:qemu:1.1.1
-
cpe:2.3:a:qemu:qemu:1.1.2
-
cpe:2.3:a:qemu:qemu:1.1.2+dfsg
-
cpe:2.3:a:qemu:qemu:1.2.0
-
cpe:2.3:a:qemu:qemu:1.2.1
-
cpe:2.3:a:qemu:qemu:1.2.2
-
cpe:2.3:a:qemu:qemu:1.3.0
-
cpe:2.3:a:qemu:qemu:1.3.1
-
cpe:2.3:a:qemu:qemu:1.4.0
-
cpe:2.3:a:qemu:qemu:1.4.1
-
cpe:2.3:a:qemu:qemu:1.4.2
-
cpe:2.3:a:qemu:qemu:1.5.0
-
cpe:2.3:a:qemu:qemu:1.5.1
-
cpe:2.3:a:qemu:qemu:1.5.2
-
cpe:2.3:a:qemu:qemu:1.5.3
-
cpe:2.3:a:qemu:qemu:1.6.0
-
cpe:2.3:a:qemu:qemu:1.6.1
-
cpe:2.3:a:qemu:qemu:1.6.2
-
cpe:2.3:a:qemu:qemu:1.7.0
-
cpe:2.3:a:qemu:qemu:1.7.1
-
cpe:2.3:a:qemu:qemu:1.7.2
-
cpe:2.3:a:redhat:virtualization:3.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:6.5
-
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0