CVE-2014-0144

Publication date 26 March 2014

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

8.6 · High

Score breakdown

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

Status

Package Ubuntu Release Status
qemu 14.04 LTS trusty
Not affected
13.10 saucy Ignored end of life
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
qemu-kvm 14.04 LTS trusty Not in release
13.10 saucy Not in release
12.10 quantal Ignored end of life
12.04 LTS precise
Fixed 1.0+noroms-0ubuntu14.17
10.04 LTS lucid
Fixed 0.12.3+noroms-0ubuntu9.24

Severity score breakdown

Parameter Value
Base score 8.6 · High
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-2342-1
    • QEMU vulnerabilities
    • 8 September 2014

Other references