Bugzilla – Bug 874749
VUL-0: CVE-2014-2894: qemu: out of bounds buffer accesses, guest triggerable via IDE SMART
Last modified: 2014-07-16 07:32:54 UTC
An out of bounds memory access flaw was found in Qemu's IDE device model.
It leads to Qemu's memory corruption via buffer overwrite (4 bytes). It occurs
while executing IDE SMART commands.
A privileged guest user could use this flaw to corrupt qemu process' memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.
CVE-2014-2894 was assigned to this issue.
Affected code streams:
bugbot adjusting priority
Bruce, you submitted this fix to SP3 / kvm, but without a bugzilla number,
please resubmit with bugzilla number.
I'll take care of it.
At the time there was no Bugzilla entry for the CVE yet, and I wanted to include it in the pending maintenance update.
SP3 kvm: https://build.suse.de/request/show/36722
The SWAMPID for this issue is 57292.
This issue was rated as moderate.
Please submit fixed packages until 2014-05-23.
When done, please reassign the bug to firstname.lastname@example.org.
Patchinfo will be handled by security team.
Update released for: kvm, kvm-debuginfo, kvm-debugsource
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, s390x, x86_64)
SUSE-SU-2014:0816-1: An update that solves two vulnerabilities and has 20 fixes is now available.
Category: security (moderate)
Bug References: 864391,864649,864650,864653,864655,864665,864671,864673,864678,864682,864769,864796,864801,864802,864804,864805,864811,864812,864814,873235,874749,874788
CVE References: CVE-2014-0150,CVE-2014-2894
SUSE Linux Enterprise Server 11 SP3 (src): kvm-1.4.2-0.15.2
SUSE Linux Enterprise Desktop 11 SP3 (src): kvm-1.4.2-0.15.2