cve-2014-9718
Vulnerability from cvelistv5
Published
2015-04-21 16:00
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/04/20/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
},
{
"name": "73316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-15T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/04/20/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
},
{
"name": "73316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73316"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-9718",
"datePublished": "2015-04-21T16:00:00",
"dateReserved": "2015-04-21T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-9718\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-21T16:59:00.077\",\"lastModified\":\"2023-02-13T00:45:32.650\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.\"},{\"lang\":\"es\",\"value\":\"Las interfaces (1) BMDMA y (2) AHCI HBA en la funcionalidad IDE en QEMU 1.0 hasta 2.1.3 tienen m\u00faltiples interpretaciones del valor de retorno de una funci\u00f3n, lo que permite a usarios del sistema operativo invitado causar una denegaci\u00f3n de servicio en el sistema operativo del anfitri\u00f3n (corrupci\u00f3n de memoria o bucle infinito, y ca\u00edda del sistema) a trav\u00e9s de un PRDT sin ningun sector completo, relacionado con las funciones bmdma_prepare_buf y ahci_dma_prepare_buf.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E66599D-9EC4-409C-BD26-62EC3B001984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"92FE0592-3611-4F93-A0B2-73ADFBF87FB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"795EDF48-6FE0-4DE7-A57F-632BF0043677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B83487-28EC-4EF0-9703-BD86384C1276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15A780B6-2BF3-480C-A519-16D1BFF2FC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8771F32-FFD2-43BD-B660-2CA8F6C41C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E89E31-F32D-4035-8923-7A5728E75DDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"436BABC6-3D1C-4945-AADF-ED4D7C686E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3307CBF-525D-4F66-A7A6-B0B273C0BD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0A03725-CE1B-451F-8E14-9168E417692C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59B3B915-1606-48E4-9EFC-BD9D6A6D404A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA86C99D-E544-471F-8F8E-94525E600132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998961D0-6B1E-4237-AFC3-2E1E4D90BDE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B1E3F1-4647-47FF-9546-0742F10B607B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0147F4B2-0591-4681-AE24-975AB6A349D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"97757FF0-D0D6-4BFE-811A-6398D8520D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F126B1-284B-4B3A-8540-1498628C46F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"508383F4-B6EE-4C64-AE63-209EA87DF557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB7A7593-FAC0-4336-84AF-EC367059D5C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E8BE223-9122-416D-AA1D-694B19C80A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C6EE9-9DA2-4FE1-8446-C9CC21353332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"383C575E-724D-4F97-9E0C-CDE50499C3D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC5BC38-FFBD-4484-943D-47A0AADD20B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FC829F-2AC7-4CB5-8F03-967906DE9028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB18C9B-B1D6-44A6-A1E9-3D258DE797B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4745807B-A01D-41AE-8996-495176489A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"D583599F-AE5E-40E4-8489-62FD1D0A7845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE70D9B7-F422-455F-8413-CF34342B22AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3946C39-A3D1-4E2B-9C7D-0654D9A644EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F858FD1-58A3-46ED-A3C6-64ECEDF8E458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3C61AE3-16C8-4EC6-B33D-7E331BEA8F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47A306F-4E42-467E-ACDA-62028DC93436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E48B585-A3E2-45FC-AA92-5DB57180B7DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D54B9C-8C30-4186-A526-CE8AEE6252BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F698F7-74B9-4C20-817D-1E8B92460E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B9D60F-DC78-4270-A41D-3C29FF53F4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFAF4478-81BE-4891-8C13-0A8D8FEE46A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E873593D-95A1-4D69-800C-A8DB6A4C26E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9136A0D4-8334-4AC8-9267-8AC8397122CC\"}]}]}],\"references\":[{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/04/20/7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3259\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/73316\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.