QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00676.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Qemu
  • Qemu
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Openstack Platform
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
  • Openstack
  • Virtualization

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
OpenStack 3 for RHEL 6
qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 cpe:/a:redhat:openstack:3::el6 RHSA-2014:0435 2014-04-24T00:00:00Z
OpenStack 4 for RHEL 6
qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 cpe:/a:redhat:openstack:4::el6 RHSA-2014:0434 2014-04-24T00:00:00Z
Red Hat Enterprise Linux 6
qemu-kvm-2:0.12.1.2-2.415.el6_5.8 cpe:/o:redhat:enterprise_linux:6 RHSA-2014:0420 2014-04-22T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.8 cpe:/a:redhat:enterprise_linux:6::hypervisor RHSA-2014:0421 2014-04-22T00:00:00Z
rhev-hypervisor6-0:6.5-20140603.2.el6ev cpe:/o:redhat:enterprise_linux:6::hypervisor RHSA-2014:0674 2014-06-09T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-3044-1 qemu-kvm security update
Debian DSA Debian DSA DSA-3045-1 qemu security update
EUVD EUVD EUVD-2014-0203 QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Ubuntu USN Ubuntu USN USN-2342-1 QEMU vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97 cve-icon cve-icon
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0420.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0421.html cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1079240 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-0144 cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-0144 cve-icon
https://www.vulnerabilitycenter.com/#%21vul=44767 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T09:05:38.961Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0144

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-29T03:15:11.087

Modified: 2024-11-21T02:01:28.347

Link: CVE-2014-0144

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-03-26T00:00:00Z

Links: CVE-2014-0144 - Bugzilla

cve-icon OpenCVE Enrichment

No data.