CVE-2014-3461 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

6.8MEDIUMNVD

OSV7.5

EPSS

3.3%

top 12.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedNov 4

Latest updateMay 17

Description

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/qemu< qemu 2.1+dfsg-1 (bookworm)

▶Debianqemu/qemu< 2.1+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.3

▶NVDqemu/qemu1.6.2

🔴Vulnerability Details

GHSA

GHSA-9mpf-qr4j-4fp9: hw/usb/bus↗2022-05-17

▶

OSV

CVE-2014-3461: hw/usb/bus↗2014-11-04

▶

OSV

qemu, qemu-kvm vulnerabilities↗2014-09-08

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2014-09-08

▶

Red Hat

Qemu: usb: fix up post load checks↗2014-05-12

▶

Debian

CVE-2014-3461: qemu - hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via...↗2014

▶

💬Community

Bugzilla

CVE-2014-3461 Qemu: usb: fix up post load checks [fedora-all]↗2014-05-13

▶

Bugzilla

CVE-2014-3461 Qemu: usb: fix up post load checks↗2014-05-12

▶