CVE-2014-9718 — Infinite Loop in Qemu

CWE-399 CWE-835 — Infinite Loop8 documents7 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 56.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedApr 21

Latest updateMay 17

Description

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.3+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:2.3+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.17

▶NVDqemu/qemu19 versions+18

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-wc8f-g43g-pgxv: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1↗2022-05-17

▶

OSV

qemu, qemu-kvm vulnerabilities↗2015-08-27

▶

OSV

CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1↗2015-04-21

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2015-08-27

▶

Red Hat

Qemu: PRDT overflow from guest to host↗2014-10-31

▶

Debian

CVE-2014-9718: qemu - The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 t...↗2014

▶

💬Community

Bugzilla

CVE-2014-9718 Qemu: PRDT overflow from guest to host↗2015-03-23

▶