Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2014-5388

Published: 15/11/2014 Updated: 13/02/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Qemu

Vulnerability Summary

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

canonical ubuntu linux 14.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto()
Debian Bug report logs - #762532 CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto() Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 23 Sep 2014 06:57:12 UTC ...
Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Red Hat: CVE-2014-5388
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihpc) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption ...

References

CWE-193https://bugzilla.redhat.com/show_bug.cgi?id=1132956http://seclists.org/oss-sec/2014/q3/438http://seclists.org/oss-sec/2014/q3/440https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.htmlhttp://www.ubuntu.com/usn/USN-2409-1http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762532https://usn.ubuntu.com/2409-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-5388
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook