Lucene search
HistoryApr 18, 2014 - 2:55 p.m.
CVE-2014-0150
cve-2014-0150
integer overflow
virtio_net_handle_mac
qemu 2.0
arbitrary code execution
nvd
security vulnerability
4.9 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.8%
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
Affected configurations
Node
qemuqemuRange≤2.0
ORqemuqemuRange≤2.0.0-
ORqemuqemuMatch0.1.0
ORqemuqemuMatch0.1.1
ORqemuqemuMatch0.1.2
ORqemuqemuMatch0.1.3
ORqemuqemuMatch0.1.4
ORqemuqemuMatch0.1.5
ORqemuqemuMatch0.1.6
ORqemuqemuMatch0.2.0
ORqemuqemuMatch0.3.0
ORqemuqemuMatch0.4.0
ORqemuqemuMatch0.4.1
ORqemuqemuMatch0.4.2
ORqemuqemuMatch0.4.3
ORqemuqemuMatch0.5.0
ORqemuqemuMatch0.5.1
ORqemuqemuMatch0.5.2
ORqemuqemuMatch0.5.3
ORqemuqemuMatch0.5.4
ORqemuqemuMatch0.5.5
ORqemuqemuMatch0.6.0
ORqemuqemuMatch0.6.1
ORqemuqemuMatch0.7.0
ORqemuqemuMatch0.7.1
ORqemuqemuMatch0.7.2
ORqemuqemuMatch0.8.0
ORqemuqemuMatch0.8.1
ORqemuqemuMatch0.8.2
ORqemuqemuMatch0.9.0
ORqemuqemuMatch0.9.1
ORqemuqemuMatch0.9.1-5
ORqemuqemuMatch0.10.0
ORqemuqemuMatch0.10.1
ORqemuqemuMatch0.10.2
ORqemuqemuMatch0.10.3
ORqemuqemuMatch0.10.4
ORqemuqemuMatch0.10.5
ORqemuqemuMatch0.10.6
ORqemuqemuMatch0.11.0
ORqemuqemuMatch0.11.0rc0
ORqemuqemuMatch0.11.0rc1
ORqemuqemuMatch0.11.0rc2
ORqemuqemuMatch0.11.0-rc0
ORqemuqemuMatch0.11.0-rc1
ORqemuqemuMatch0.11.0-rc2
ORqemuqemuMatch0.11.1
ORqemuqemuMatch0.12.0
ORqemuqemuMatch0.12.0rc1
ORqemuqemuMatch0.12.0rc2
ORqemuqemuMatch0.12.1
ORqemuqemuMatch0.12.2
ORqemuqemuMatch0.12.3
ORqemuqemuMatch0.12.4
ORqemuqemuMatch0.12.5
ORqemuqemuMatch0.13.0
ORqemuqemuMatch0.13.0rc0
ORqemuqemuMatch0.13.0rc1
ORqemuqemuMatch0.14.0
ORqemuqemuMatch0.14.0rc0
ORqemuqemuMatch0.14.0rc1
ORqemuqemuMatch0.14.0rc2
ORqemuqemuMatch0.14.1
ORqemuqemuMatch0.15.0rc1
ORqemuqemuMatch0.15.0rc2
ORqemuqemuMatch0.15.1
ORqemuqemuMatch0.15.2
ORqemuqemuMatch1.0
ORqemuqemuMatch1.0rc1
ORqemuqemuMatch1.0rc2
ORqemuqemuMatch1.0rc3
ORqemuqemuMatch1.0rc4
ORqemuqemuMatch1.0.1
ORqemuqemuMatch1.1
ORqemuqemuMatch1.1rc1
ORqemuqemuMatch1.1rc2
ORqemuqemuMatch1.1rc3
ORqemuqemuMatch1.1rc4
ORqemuqemuMatch1.4.1
ORqemuqemuMatch1.4.2
ORqemuqemuMatch1.5.0
ORqemuqemuMatch1.5.0rc1
ORqemuqemuMatch1.5.0rc2
ORqemuqemuMatch1.5.0rc3
ORqemuqemuMatch1.5.1
ORqemuqemuMatch1.5.2
ORqemuqemuMatch1.5.3
ORqemuqemuMatch1.6.0
ORqemuqemuMatch1.6.0rc1
ORqemuqemuMatch1.6.0rc2
ORqemuqemuMatch1.6.0rc3
ORqemuqemuMatch1.6.1
ORqemuqemuMatch1.6.2
ORqemuqemuMatch1.7.1
ORqemuqemuMatch2.0.0rc0
ORqemuqemuMatch2.0.0rc1
ORqemuqemuMatch2.0.0rc2
ORqemuqemuMatch2.0.0rc3
ORredhatenterprise_linuxMatch6.0
References
article.gmane.org/gmane.comp.emulators.qemu/266768
secunia.com/advisories/57878
secunia.com/advisories/58191
thread.gmane.org/gmane.comp.emulators.qemu/266713
www.debian.org/security/2014/dsa-2909
www.debian.org/security/2014/dsa-2910
www.ubuntu.com/usn/USN-2182-1
bugzilla.redhat.com/show_bug.cgi?id=1078846
Related
openvas
openvas
Debian: Security Advisory (DSA-2909-1)
2014-04-17 00:00:00
Debian Security Advisory DSA 2909-1 (qemu - security update)
2014-04-18 00:00:00
Debian Security Advisory DSA 2910-1 (qemu-kvm - security update)
2014-04-18 00:00:00
nvd
nvd
CVE-2014-0150
2014-04-18 14:55:25
debiancve
debiancve
CVE-2014-0150
2014-04-18 14:55:25
osv
osv
qemu-kvm - security update
2014-04-18 00:00:00
qemu - security update
2014-04-18 00:00:00
seebug
seebug
Qemu virtio-net "virtio_net_handle_mac()"整数溢出漏洞
2014-04-18 00:00:00
debian
debian
[SECURITY] [DSA 2910-1] qemu-kvm security update
2014-04-18 06:36:22
[SECURITY] [DSA 2909-1] qemu security update
2014-04-18 06:35:56
[SECURITY] [DSA 2910-1] qemu-kvm security update
2014-04-18 06:36:22
prion
prion
Integer overflow
2014-04-18 14:55:00
nessus
nessus
Debian DSA-2909-1 : qemu - security update
2014-04-21 00:00:00
Debian DSA-2910-1 : qemu-kvm - security update
2014-04-21 00:00:00
Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2182-1)
2014-04-29 00:00:00
ubuntucve
ubuntucve
CVE-2014-0150
2014-04-18 00:00:00
cvelist
cvelist
CVE-2014-0150
2014-04-18 14:00:00
securityvulns
securityvulns
[USN-2182-1] QEMU vulnerabilities
2014-05-04 00:00:00
QEMU multiple security vulnerabilities
2014-05-15 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: xen-4.4.1-9.fc21
2014-12-12 04:01:42
[SECURITY] Fedora 20 Update: qemu-1.6.2-6.fc20
2014-06-10 02:56:05
[SECURITY] Fedora 21 Update: xen-4.4.1-12.fc21
2015-01-17 05:35:38
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:57:36
Denial Of Service (DoS)
2019-05-02 04:57:36
Denial Of Service (DoS)
2019-05-02 04:57:36
redhat
redhat
(RHSA-2014:0420) Moderate: qemu-kvm security update
2014-04-22 00:00:00
(RHSA-2014:0435) Moderate: qemu-kvm-rhev security update
2014-04-24 00:00:00
(RHSA-2014:0434) Moderate: qemu-kvm-rhev security update
2014-04-24 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2014-04-22 00:00:00
centos
centos
qemu security update
2014-04-22 19:33:34
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
4.9 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.8%
Related for CVE-2014-0150