CVE-2014-0147

CWE-190 — Integer Overflow9 documents8 sources

Severity

6.2MEDIUM

EPSS

0.1%

top 68.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Qemu Fedoraproject Fedora Redhat Enterprise Linux Desktop +7 more

Timeline

PublishedSep 29

Latest updateSep 30

Description

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages8 packages

▶NVDqemu/qemu< 1.6.2

▶Debianqemu< 2.0.0+dfsg-1+3

▶CVEListV5qemubefore 1.6.2

▶NVDredhat/virtualization3.0

▶NVDredhat/enterprise_linux_server6.0

Also affects: Fedora 20, Enterprise Linux 6.5

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-gx9j-r5m2-p97g: Qemu before 1↗2022-09-30

▶

OSV

CVE-2014-0147: Qemu before 1↗2022-09-29

▶

CVEList

CVE-2014-0147: Qemu before 1↗2020-02-11

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2014-09-08

▶

Red Hat

Qemu: block: possible crash due signed types or logic error↗2014-03-26

▶

Debian

CVE-2014-0147: qemu - Qemu before 1.6.2 block diver for the various disk image formats used by Bochs a...↗2014

▶

💬Community

Bugzilla

CVE-2014-0147 Qemu: block: possible crash due signed types or logic error [fedora-all]↗2014-04-11

▶

Bugzilla

CVE-2014-0147 Qemu: block: possible crash due signed types or logic error↗2014-03-20

▶