Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-0148

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

Published

2022-09-29T03:15:11.340

Last Modified

2024-11-21T02:01:28.860

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-835
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application qemu qemu < 2.0.0 Yes
Application redhat virtualization 3.0 Yes
Operating System redhat enterprise_linux_desktop 6.0 Yes
Operating System redhat enterprise_linux_eus 6.5 Yes
Operating System redhat enterprise_linux_openstack_platform 5 Yes
Operating System redhat enterprise_linux_server 6.0 Yes
Operating System redhat enterprise_linux_server_aus 6.5 Yes
Operating System redhat enterprise_linux_server_tus 6.5 Yes
Operating System redhat enterprise_linux_workstation 6.0 Yes
References