CVE-2014-8106

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html
http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html
http://rhn.redhat.com/errata/RHSA-2015-0349.html
http://rhn.redhat.com/errata/RHSA-2015-0624.html
http://rhn.redhat.com/errata/RHSA-2015-0643.html
http://rhn.redhat.com/errata/RHSA-2015-0795.html
http://rhn.redhat.com/errata/RHSA-2015-0867.html
http://rhn.redhat.com/errata/RHSA-2015-0868.html
http://rhn.redhat.com/errata/RHSA-2015-0891.html
http://secunia.com/advisories/60364
http://support.citrix.com/article/CTX200892
http://www.debian.org/security/2014/dsa-3087	Vendor Advisory
http://www.debian.org/security/2014/dsa-3088	Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/12/04/8
http://www.securityfocus.com/bid/71477
https://exchange.xforce.ibmcloud.com/vulnerabilities/99126

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.1.0:::::::*
	cpe:2.3:a:qemu:qemu:2.1.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc1::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc2::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc3::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc5::::::
	cpe:2.3:a:qemu:qemu:2.1.1:::::::*

History

No history.

Information

Published : 2014-12-08 16:59

Updated : 2024-02-04 18:35

NVD link : CVE-2014-8106

Mitre link : CVE-2014-8106

CVE.ORG link : CVE-2014-8106

JSON object : View

Products Affected

qemu

qemu

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2014-8106", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-08T16:59:01.370", "references": [{"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a", "source": "secalert@redhat.com"}, {"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html", "source": "secalert@redhat.com"}, {"url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/60364", "source": "secalert@redhat.com"}, {"url": "http://support.citrix.com/article/CTX200892", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2014/dsa-3087", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2014/dsa-3088", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2014/12/04/8", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/71477", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el emulador Cirrus VGA (hw/display/cirrus_vga.c) en QEMU anterior a 2.2.0 permite a usuarios locales invotados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con las regiones blit. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2007-1320."}], "lastModified": "2023-02-13T00:42:40.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B61730A-98E3-4FE5-BAEB-5254AC84F52F", "versionEndIncluding": "2.1.2"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA"}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}