CVE-2014-5388
Published: 26 August 2014
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 1.7.x by http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091 |
Priority
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Released
(2.0.0+dfsg-2ubuntu1.7)
|
|
upstream |
Needs triage
|
|
utopic |
Released
(2.1+dfsg-3ubuntu4)
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=fa365d7cd11185237471823a5a33d36765454e16 |
||
qemu-kvm Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code-not-present)
|
precise |
Not vulnerable
(code-not-present)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|