cve-2014-9718
Vulnerability from cvelistv5
Published
2015-04-21 16:00
Modified
2024-08-06 13:55
Severity ?
Summary
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:55:04.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3259",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3259"
          },
          {
            "name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/04/20/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
          },
          {
            "name": "73316",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-15T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3259",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3259"
        },
        {
          "name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/04/20/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
        },
        {
          "name": "73316",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73316"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-9718",
    "datePublished": "2015-04-21T16:00:00",
    "dateReserved": "2015-04-21T00:00:00",
    "dateUpdated": "2024-08-06T13:55:04.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-9718\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-21T16:59:00.077\",\"lastModified\":\"2024-11-21T02:21:31.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.\"},{\"lang\":\"es\",\"value\":\"Las interfaces (1) BMDMA y (2) AHCI HBA en la funcionalidad IDE en QEMU 1.0 hasta 2.1.3 tienen m\u00faltiples interpretaciones del valor de retorno de una funci\u00f3n, lo que permite a usarios del sistema operativo invitado causar una denegaci\u00f3n de servicio en el sistema operativo del anfitri\u00f3n (corrupci\u00f3n de memoria o bucle infinito, y ca\u00edda del sistema) a trav\u00e9s de un PRDT sin ningun sector completo, relacionado con las funciones bmdma_prepare_buf y ahci_dma_prepare_buf.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E66599D-9EC4-409C-BD26-62EC3B001984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"92FE0592-3611-4F93-A0B2-73ADFBF87FB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"795EDF48-6FE0-4DE7-A57F-632BF0043677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B83487-28EC-4EF0-9703-BD86384C1276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15A780B6-2BF3-480C-A519-16D1BFF2FC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8771F32-FFD2-43BD-B660-2CA8F6C41C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E89E31-F32D-4035-8923-7A5728E75DDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"436BABC6-3D1C-4945-AADF-ED4D7C686E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3307CBF-525D-4F66-A7A6-B0B273C0BD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0A03725-CE1B-451F-8E14-9168E417692C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59B3B915-1606-48E4-9EFC-BD9D6A6D404A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA86C99D-E544-471F-8F8E-94525E600132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998961D0-6B1E-4237-AFC3-2E1E4D90BDE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B1E3F1-4647-47FF-9546-0742F10B607B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0147F4B2-0591-4681-AE24-975AB6A349D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"97757FF0-D0D6-4BFE-811A-6398D8520D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F126B1-284B-4B3A-8540-1498628C46F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"508383F4-B6EE-4C64-AE63-209EA87DF557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB7A7593-FAC0-4336-84AF-EC367059D5C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E8BE223-9122-416D-AA1D-694B19C80A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C6EE9-9DA2-4FE1-8446-C9CC21353332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"383C575E-724D-4F97-9E0C-CDE50499C3D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC5BC38-FFBD-4484-943D-47A0AADD20B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FC829F-2AC7-4CB5-8F03-967906DE9028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB18C9B-B1D6-44A6-A1E9-3D258DE797B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4745807B-A01D-41AE-8996-495176489A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"D583599F-AE5E-40E4-8489-62FD1D0A7845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE70D9B7-F422-455F-8413-CF34342B22AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3946C39-A3D1-4E2B-9C7D-0654D9A644EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F858FD1-58A3-46ED-A3C6-64ECEDF8E458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3C61AE3-16C8-4EC6-B33D-7E331BEA8F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47A306F-4E42-467E-ACDA-62028DC93436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E48B585-A3E2-45FC-AA92-5DB57180B7DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D54B9C-8C30-4186-A526-CE8AEE6252BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F698F7-74B9-4C20-817D-1E8B92460E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B9D60F-DC78-4270-A41D-3C29FF53F4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFAF4478-81BE-4891-8C13-0A8D8FEE46A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E873593D-95A1-4D69-800C-A8DB6A4C26E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9136A0D4-8334-4AC8-9267-8AC8397122CC\"}]}]}],\"references\":[{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/04/20/7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3259\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/73316\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/04/20/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/73316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.