FKIE_CVE-2014-9718

Vulnerability from fkie_nvd - Published: 2015-04-21 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8
secalert@redhat.comhttp://openwall.com/lists/oss-security/2015/04/20/7
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3259
secalert@redhat.comhttp://www.securityfocus.com/bid/73316
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2015/04/20/7
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3259
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/73316
Impacted products
Vendor Product Version
debian debian_linux 8.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.4.1
qemu qemu 1.4.2
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.1
qemu qemu 1.5.2
qemu qemu 1.5.3
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2
qemu qemu 1.7.1
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.2
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.1
qemu qemu 2.1.2
qemu qemu 2.1.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB18C9B-B1D6-44A6-A1E9-3D258DE797B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4745807B-A01D-41AE-8996-495176489A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "D583599F-AE5E-40E4-8489-62FD1D0A7845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DE70D9B7-F422-455F-8413-CF34342B22AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3946C39-A3D1-4E2B-9C7D-0654D9A644EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7F858FD1-58A3-46ED-A3C6-64ECEDF8E458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C61AE3-16C8-4EC6-B33D-7E331BEA8F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E873593D-95A1-4D69-800C-A8DB6A4C26E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9136A0D4-8334-4AC8-9267-8AC8397122CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
    },
    {
      "lang": "es",
      "value": "Las interfaces (1) BMDMA y (2) AHCI HBA en la funcionalidad IDE en QEMU 1.0 hasta 2.1.3 tienen m\u00faltiples interpretaciones del valor de retorno de una funci\u00f3n, lo que permite a usarios del sistema operativo invitado causar una denegaci\u00f3n de servicio en el sistema operativo del anfitri\u00f3n (corrupci\u00f3n de memoria o bucle infinito, y ca\u00edda del sistema) a trav\u00e9s de un PRDT sin ningun sector completo, relacionado con las funciones bmdma_prepare_buf y ahci_dma_prepare_buf."
    }
  ],
  "id": "CVE-2014-9718",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-21T16:59:00.077",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2015/04/20/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/73316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2015/04/20/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73316"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.