The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
References
Link | Resource |
---|---|
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 | |
http://rhn.redhat.com/errata/RHSA-2015-0349.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0624.html | Third Party Advisory |
http://thread.gmane.org/gmane.comp.emulators.qemu/306117 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=1163075 | Issue Tracking Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-12-12T15:00:00
Updated: 2017-09-07T15:57:01
Reserved: 2014-10-03T00:00:00
Link: CVE-2014-7840
JSON object: View
NVD Information
Status : Modified
Published: 2014-12-12T15:59:08.073
Modified: 2023-02-13T00:42:33.533
Link: CVE-2014-7840
JSON object: View
Redhat Information
No data.
CWE