CVE-2014-9718

Published: 21 April 2015

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Released (2.2.0)





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.0.0+dfsg-2ubuntu1.17)
	Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

CVE-2014-9718

Low

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading