The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
References
Link | Resource |
---|---|
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 | |
http://rhn.redhat.com/errata/RHSA-2015-0349.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0624.html | Third Party Advisory |
http://thread.gmane.org/gmane.comp.emulators.qemu/306117 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=1163075 | Issue Tracking Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
History
13 Feb 2023, 00:42
Type | Values Removed | Values Added |
---|---|---|
Summary | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. | |
References |
|
02 Feb 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
Information
Published : 2014-12-12 15:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-7840
Mitre link : CVE-2014-7840
CVE.ORG link : CVE-2014-7840
JSON object : View
Products Affected
redhat
- enterprise_linux_server_aus
- enterprise_linux_workstation
- virtualization
- enterprise_linux_desktop
- enterprise_linux_eus
- enterprise_linux_server
- enterprise_linux
qemu
- qemu
CWE
CWE-20
Improper Input Validation