[Secure-testing-team] Bug#745157: guest-triggerable out-of-bounds buffer access via IDE SMART command (CVE-2014-2894)

Michael Tokarev mjt at tls.msk.ru
Fri Apr 18 15:00:26 UTC 2014


Package: qemu-system, qemu-kvm
Version: 1.1.2+dfsg-1
Severity: serious
Tags: security upstream patch wheezy jessie

CVE-2014-2894, a guest-triggerable out of bounds memory access using
IDE SMART commands.  This can lead to qemu process memory corruption
and potentially (unlikely) to invalid code execution with host qemu
process privileges.

Introduced past 2009.  Qemu 0.12 (on squeeze, oldstable) is not affected,
wheezy/stable and current testing are affected, fixed in upstream 2.0
which is currently in sid.

/mjt


