CVE-2014-0182

Published: 18 April 2014

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored (reached end-of-life)
	trusty	Released (2.0.0+dfsg-2ubuntu1.3)
	upstream	Needs triage
	Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=2f5732e9648fcddc8759a8fd25c0b41a38352be6 (regression fix)
qemu-kvm Launchpad, Ubuntu, Debian	lucid	Released (0.12.3+noroms-0ubuntu9.24)
	precise	Released (1.0+noroms-0ubuntu14.17)
	quantal	Ignored (reached end-of-life)
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0182

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›