QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00642.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
OpenStack 3 for RHEL 6
qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 cpe:/a:redhat:openstack:3::el6 RHSA-2014:0435 2014-04-24T00:00:00Z
OpenStack 4 for RHEL 6
qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 cpe:/a:redhat:openstack:4::el6 RHSA-2014:0434 2014-04-24T00:00:00Z
Red Hat Enterprise Linux 6
qemu-kvm-2:0.12.1.2-2.415.el6_5.8 cpe:/o:redhat:enterprise_linux:6 RHSA-2014:0420 2014-04-22T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 cpe:/a:redhat:enterprise_linux:6::hypervisor RHSA-2014:0421 2014-04-22T00:00:00Z
rhev-hypervisor6-0:6.5-20140603.2.el6ev cpe:/o:redhat:enterprise_linux:6::hypervisor RHSA-2014:0674 2014-06-09T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Qemu Subscribe
Qemu Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Enterprise Linux Desktop Subscribe
Enterprise Linux Eus Subscribe
Enterprise Linux Openstack Platform Subscribe
Enterprise Linux Server Subscribe
Enterprise Linux Server Aus Subscribe
Enterprise Linux Server Tus Subscribe
Enterprise Linux Workstation Subscribe
Openstack Subscribe
Virtualization Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-3044-1 qemu-kvm security update
Debian DSA Debian DSA DSA-3045-1 qemu security update
EUVD EUVD EUVD-2014-0203 QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Ubuntu USN Ubuntu USN USN-2342-1 QEMU vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0420.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0421.html cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1079240 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-0144 cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-0144 cve-icon
https://www.vulnerabilitycenter.com/#%21vul=44767 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T09:05:38.961Z

Reserved: 2013-12-03T00:00:00.000Z

Link: CVE-2014-0144

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-29T03:15:11.087

Modified: 2024-11-21T02:01:28.347

Link: CVE-2014-0144

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-03-26T00:00:00Z

Links: CVE-2014-0144 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses