Lucene search

RedhatCVE-2014-0148

HistorySep 29, 2022 - 3:15 a.m.

CVE-2014-0148

2022-09-2903:15:11

CWE-835

redhat

web.nvd.nist.gov

cve-2014-0148

qemu

hyper-v

vhdx

infinite loops

dos

nvd

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

14.2%

JSON

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like ‘sectors_per_block’ etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

Affected configurations

Nvd

Vulners

Node

qemuqemuRange<2.0.0

Node

redhatvirtualizationMatch3.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_openstack_platformMatch5

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch6.0

VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
redhatvirtualization3.0cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus6.5cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
redhatenterprise_linux_openstack_platform5cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus6.5cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
redhatenterprise_linux_server_tus6.5cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
redhatenterprise_linux_workstation6.0cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::
redhat	virtualization	3.0	cpe:2.3:a:redhat:virtualization:3.0:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_eus	6.5	cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*
redhat	enterprise_linux_openstack_platform	5	cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_server_aus	6.5	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
redhat	enterprise_linux_server_tus	6.5	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
redhat	enterprise_linux_workstation	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

CNA Affected

[
  {
    "product": "Qemu",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 2.0"
      }
    ]
  }
]