CVE-2014-3461

Published: 15 May 2014

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

Priority

Low

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0.0+dfsg-2ubuntu1.3)
Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist