CVE-2014-5263 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

6.8MEDIUMNVD

OSV2.1

EPSS

0.4%

top 38.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedAug 26

Latest updateMay 17

Description

vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/qemu< qemu 2.1+dfsg-1 (bookworm)

▶Debianqemu/qemu< 2.1+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.7

▶NVDqemu/qemu1.6.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-qxm2-g26p-5vjg: vmstate_xhci_event in hw/usb/hcd-xhci↗2022-05-17

▶

OSV

qemu, qemu-kvm vulnerabilities↗2014-11-13

▶

OSV

CVE-2014-5263: vmstate_xhci_event in hw/usb/hcd-xhci↗2014-08-26

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2014-11-13

▶

Red Hat

qemu: missing field list terminator in vmstate_xhci_event↗2014-07-22

▶

Debian

CVE-2014-5263: qemu - vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the lis...↗2014

▶

💬Community

Bugzilla

CVE-2014-5263 qemu: missing field list terminator in vmstate_xhci_event↗2014-08-04

▶