Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2014-3689

Published: 14/11/2014 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Qemu

Vulnerability Summary

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

debian debian linux 7.0

canonical ubuntu linux 14.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2014-3689: insufficient parameter validation in vmware_vga rectangle functions
Debian Bug report logs - #765496 CVE-2014-3689: insufficient parameter validation in vmware_vga rectangle functions Package: qemu-system-x86; Maintainer for qemu-system-x86 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu-system-x86 is src:qemu (PTS, buildd, popcon) Reported by: Michael Tokarev & ...
Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian Security Advisories: DSA-3066-1 qemu -- security update
Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver A privileged guest user could use this flaw to write into qemu address sp ...
Debian Security Advisories: DSA-3067-1 qemu-kvm -- security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver A privileged guest user could use this flaw to w ...
Red Hat: CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vgac) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling ...

References

CWE-269http://www.debian.org/security/2014/dsa-3067http://www.osvdb.org/114397http://secunia.com/advisories/62143http://secunia.com/advisories/60923http://secunia.com/advisories/62144http://www.ubuntu.com/usn/USN-2409-1http://www.debian.org/security/2014/dsa-3066https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765496https://usn.ubuntu.com/2409-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-3689
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook