UBUNTU-CVE-2014-0148

Source
https://ubuntu.com/security/CVE-2014-0148
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0148.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-0148
Related
Published
2022-09-29T03:15:00Z
Modified
2022-09-29T03:15:00Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for blocksize and logicalsectorsize variables. These are used to derive other fields like 'sectorsper_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

References

Affected packages

Ubuntu:14.04:LTS / qemu

Package

Name
qemu
Purl
pkg:deb/ubuntu/qemu?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0~rc1+dfsg-0ubuntu3

Affected versions

1.*

1.5.0+dfsg-3ubuntu5
1.5.0+dfsg-3ubuntu6
1.6.0+dfsg-2ubuntu1
1.6.0+dfsg-2ubuntu2
1.6.0+dfsg-2ubuntu3
1.6.0+dfsg-2ubuntu4
1.7.0+dfsg-2ubuntu1
1.7.0+dfsg-2ubuntu2
1.7.0+dfsg-2ubuntu3
1.7.0+dfsg-2ubuntu4
1.7.0+dfsg-2ubuntu5
1.7.0+dfsg-2ubuntu7
1.7.0+dfsg-2ubuntu8
1.7.0+dfsg-2ubuntu9
1.7.0+dfsg-3ubuntu1~ppa1
1.7.0+dfsg-3ubuntu1
1.7.0+dfsg-3ubuntu2
1.7.0+dfsg-3ubuntu3
1.7.0+dfsg-3ubuntu4
1.7.0+dfsg-3ubuntu5
1.7.0+dfsg-3ubuntu6
1.7.0+dfsg-3ubuntu7

2.*

2.0.0~rc1+dfsg-0ubuntu1
2.0.0~rc1+dfsg-0ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-common"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-guest-agent"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-keymaps"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-kvm"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-aarch64"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-arm"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-common"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-mips"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-misc"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-ppc"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-sparc"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-system-x86"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-user"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-user-static"
        },
        {
            "binary_version": "2.0.0~rc1+dfsg-0ubuntu3",
            "binary_name": "qemu-utils"
        }
    ]
}