CVE-2014-8106 - OpenCVE

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.1.0:::::::*
	cpe:2.3:a:qemu:qemu:2.1.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc1::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc2::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc3::::::
	cpe:2.3:a:qemu:qemu:2.1.0:rc5::::::
	cpe:2.3:a:qemu:qemu:2.1.1:::::::*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html
http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html
http://rhn.redhat.com/errata/RHSA-2015-0349.html
http://rhn.redhat.com/errata/RHSA-2015-0624.html
http://rhn.redhat.com/errata/RHSA-2015-0643.html
http://rhn.redhat.com/errata/RHSA-2015-0795.html
http://rhn.redhat.com/errata/RHSA-2015-0867.html
http://rhn.redhat.com/errata/RHSA-2015-0868.html
http://rhn.redhat.com/errata/RHSA-2015-0891.html
http://secunia.com/advisories/60364
http://support.citrix.com/article/CTX200892
http://www.debian.org/security/2014/dsa-3087	Vendor Advisory
http://www.debian.org/security/2014/dsa-3088	Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/12/04/8
http://www.securityfocus.com/bid/71477
https://exchange.xforce.ibmcloud.com/vulnerabilities/99126

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2014-12-08T16:00:00

Updated: 2017-09-07T15:57:01

Reserved: 2014-10-10T00:00:00

Link: CVE-2014-8106

JSON object: View

NVD Information

Status : Modified

Published: 2014-12-08T16:59:01.370

Modified: 2023-02-13T00:42:40.813

Link: CVE-2014-8106

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"}, {"name": "RHSA-2015:0795", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"}, {"name": "RHSA-2015:0624", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"}, {"name": "FEDORA-2015-5482", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"}, {"name": "RHSA-2015:0891", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"}, {"name": "71477", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71477"}, {"name": "RHSA-2015:0643", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"}, {"name": "qemu-cve20148106-sec-bypass(99126)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"}, {"name": "60364", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60364"}, {"name": "RHSA-2015:0349", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"}, {"name": "RHSA-2015:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"}, {"name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"}, {"name": "DSA-3088", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3088"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX200892"}, {"name": "DSA-3087", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3087"}, {"name": "RHSA-2015:0867", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8106", "datePublished": "2014-12-08T16:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2017-09-07T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B61730A-98E3-4FE5-BAEB-5254AC84F52F", "versionEndIncluding": "2.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el emulador Cirrus VGA (hw/display/cirrus_vga.c) en QEMU anterior a 2.2.0 permite a usuarios locales invotados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con las regiones blit. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2007-1320."}], "id": "CVE-2014-8106", "lastModified": "2023-02-13T00:42:40.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-08T16:59:01.370", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"}, {"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"}, {"source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60364"}, {"source": "secalert@redhat.com", "url": "http://support.citrix.com/article/CTX200892"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2014/dsa-3087"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2014/dsa-3088"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71477"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}