CVE-2014-0142

Published: 26 March 2014

QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored (end of life)
	trusty	Not vulnerable (2.0.0~rc1+dfsg-0ubuntu3)
	upstream	Released (1.7.2, 2.0)
	Patches: other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=8e53abbc20d08ae3ec30c2054e1161314ad9501d upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=5e71dfad763d67bb64be79e20e93411c0c30ad25 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=9302e863aa8baa5d932fc078967050c055fa1a7f upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=28ec11bc882387e51c7450558af5a49b8be95a36 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=715c3f60efa9801a777a71cd06eaf8efa7eaa2a8
qemu-kvm Launchpad, Ubuntu, Debian	lucid	Released (0.12.3+noroms-0ubuntu9.24)
	precise	Released (1.0+noroms-0ubuntu14.17)
	quantal	Ignored (end of life)
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	Patches: other: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›