CVE-2014-0148

Published: 26 March 2014

The block driver for Hyper-V VHDX images in QEMU before 2.0 is vulnerable to infinite loops and other potential issues when calculating BAT entries, because bounds checks are missing for the block_size and logical_sector_size variables. These values are used to derive other fields such as 'sectors_per_block'. A user able to alter the QEMU disk image could use this flaw to crash the QEMU instance, resulting in a DoS.

Priority

Medium

Status

Package Release Status
qemu
Upstream: Released (1.7.2, 2.0)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (2.0.0~rc1+dfsg-0ubuntu3)
Patches:
Other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6
qemu-kvm
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html