Published: 01/11/2014 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
debian debian linux 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server tus 7.3
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux eus 7.3
redhat enterprise linux eus 7.4
redhat enterprise linux eus 7.5
redhat enterprise linux server tus 7.6
redhat enterprise linux server aus 7.6
redhat enterprise linux eus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.7
redhat enterprise linux eus 7.7
redhat openstack 5.0
redhat virtualization 3.0
canonical ubuntu linux 14.10
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 10.04
opensuse opensuse 13.1

Several security issues were fixed in QEMU ...

Debian Bug report logs - #765496 CVE-2014-3689: insufficient parameter validation in vmware_vga rectangle functions Package: qemu-system-x86; Maintainer for qemu-system-x86 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu-system-x86 is src:qemu (PTS, buildd, popcon) Reported by: Michael Tokarev & ...

Debian Bug report logs - #762532 CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto() Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 23 Sep 2014 06:57:12 UTC ...

Several vulnerabilities were discovered in qemu, a fast processor emulator: Various security issues have been found in the block qemu drivers Malformed disk images might result in the execution of arbitrary code A NULL pointer dereference in SLIRP may result in denial of service An information leak was discovered in the VGA emulation For t ...

An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest ...

CWE-200 http://rhn.redhat.com/errata/RHSA-2014-1670.html https://bugzilla.redhat.com/show_bug.cgi?id=1139115 http://rhn.redhat.com/errata/RHSA-2014-1669.html http://secunia.com/advisories/61829 http://www.ubuntu.com/usn/USN-2409-1 http://rhn.redhat.com/errata/RHSA-2014-1941.html http://www.securityfocus.com/bid/69654 http://support.citrix.com/article/CTX200892 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://www.debian.org/security/2014/dsa-3044 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5 https://usn.ubuntu.com/2409-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-3615

CVE-2014-3615

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect