CVE-2014-5388

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 - () http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 -
References () http://seclists.org/oss-sec/2014/q3/438 - Mailing List, Patch, Third Party Advisory () http://seclists.org/oss-sec/2014/q3/438 - Mailing List, Patch, Third Party Advisory
References () http://seclists.org/oss-sec/2014/q3/440 - Mailing List, Third Party Advisory () http://seclists.org/oss-sec/2014/q3/440 - Mailing List, Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2409-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-2409-1 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1132956 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1132956 - Issue Tracking, Third Party Advisory
References () https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html - Patch, Third Party Advisory () https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html - Patch, Third Party Advisory

Information

Published : 2014-11-15 21:59

Updated : 2024-11-21 02:11


NVD link : CVE-2014-5388

Mitre link : CVE-2014-5388

CVE.ORG link : CVE-2014-5388


JSON object : View

Products Affected

canonical

  • ubuntu_linux

qemu

  • qemu
CWE
CWE-193

Off-by-one Error