CVE-2014-0147

Published: 26 March 2014

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

Priority

Medium

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream
Released (1.7.2, 2.0)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(2.0.0~rc1+dfsg-0ubuntu3)
Patches:
Other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=246f65838d19db6db55bfb41117c35645a2c4789
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=b106ad9185f35fc4ad669555ad0e79e276083bd7
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html