CVE-2014-7840
CVSS V2 High 7.5
CVSS V3 None
Description
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
Overview
- CVE ID
- CVE-2014-7840
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2014-12-12T15:59:08
- Last Modified Date
- 2023-02-13T00:42:33
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* | 1 | OR | 2.1.3 | |
AND | ||||
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | 1 | OR | ||
AND | ||||
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 7.5
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.4
References
Reference URL | Reference Tags |
---|---|
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 | |
http://rhn.redhat.com/errata/RHSA-2015-0349.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0624.html | Third Party Advisory |
http://thread.gmane.org/gmane.comp.emulators.qemu/306117 | Broken Link |
https://access.redhat.com/errata/RHSA-2015:0349 | |
https://access.redhat.com/errata/RHSA-2015:0624 | |
https://access.redhat.com/security/cve/CVE-2014-7840 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1163075 | Issue Tracking Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 | Third Party Advisory VDB Entry |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-7840 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 17:23:42 | Added to TrackCVE | |||
2022-12-02 02:42:27 | 2014-12-12T15:59Z | 2014-12-12T15:59:08 | CVE Published Date | updated |
2022-12-02 02:42:27 | 2020-08-11T15:21:10 | CVE Modified Date | updated | |
2022-12-02 02:42:27 | Analyzed | Vulnerability Status | updated | |
2023-02-02 21:04:50 | 2023-02-02T20:18:34 | CVE Modified Date | updated | |
2023-02-02 21:04:50 | Analyzed | Modified | Vulnerability Status | updated |
2023-02-02 21:04:51 | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | Description | updated |
2023-02-02 21:04:56 | References | updated | ||
2023-02-13 01:05:38 | 2023-02-13T00:42:33 | CVE Modified Date | updated | |
2023-02-13 01:05:38 | It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | Description | updated |