4.6

CVE-2014-5388

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.1.3
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.31
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

http://www.ubuntu.com/usn/USN-2409-1
Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16
http://seclists.org/oss-sec/2014/q3/438
Patch
Third Party Advisory
Mailing List
http://seclists.org/oss-sec/2014/q3/440
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1132956
Third Party Advisory
Issue Tracking
https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
Patch
Third Party Advisory