CVE-2014-2894
Published: 23 April 2014
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
qemu Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Released
(1.5.0+dfsg-3ubuntu5.4)
|
|
| trusty |
Released
(2.0.0~rc1+dfsg-0ubuntu3.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=940973ae0b45c9b6817bab8e4cf4df99a9ef83d7 |
||
|
qemu-kvm Launchpad, Ubuntu, Debian |
lucid |
Released
(0.12.3+noroms-0ubuntu9.22)
|
| precise |
Released
(1.0+noroms-0ubuntu14.14)
|
|
| quantal |
Released
(1.2.0+noroms-0ubuntu2.12.10.7)
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|