Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2014-9718

Published: 21/04/2015 Updated: 13/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Debian Linux

Vulnerability Summary

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 up to and including 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 8.0

qemu qemu 1.0

qemu qemu 2.0.0

qemu qemu 2.0.2

qemu qemu 1.1

qemu qemu 2.1.3

qemu qemu 2.1.0

qemu qemu 1.6.0

qemu qemu 1.5.0

qemu qemu 1.5.3

qemu qemu 1.5.1

qemu qemu 2.1.1

qemu qemu 1.5.2

qemu qemu 1.0.1

qemu qemu 1.7.1

qemu qemu 1.4.1

qemu qemu 1.4.2

qemu qemu 1.6.2

qemu qemu 1.6.1

qemu qemu 2.1.2

Vendor Advisories

Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian CVElist Bug Report Logs: qemu: CVE-2014-9718 CVE-2015-1779
Debian Bug report logs - #781250 qemu: CVE-2014-9718 CVE-2015-1779 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 26 Mar 2015 13:48:13 UTC Severity: important Tags: confirmed, security, upstream Fixe ...
Debian Security Advisories: DSA-3259-1 qemu -- security update
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service CVE-2015-1779 Daniel P Berrange discovered a denial of service vulnerability in the VNC web socket decoder CVE-2015-2756 Jan Beulich discovered tha ...
Red Hat: CVE-2014-9718
A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation A privileged guest user could use this flaw to crash the system ...

References

CWE-399http://openwall.com/lists/oss-security/2015/04/20/7http://www.debian.org/security/2015/dsa-3259http://www.securityfocus.com/bid/73316http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8https://usn.ubuntu.com/2724-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-9718
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook