Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2014-0147 First vendor Publication 2022-09-29
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 6.2
Base Score 6.2 Environmental Score 6.2
impact SubScore 3.6 Temporal Score 6.2
Exploitabality Sub Score 2.5
 
Attack Vector Local Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0147

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25403
 
Oval ID: oval:org.mitre.oval:def:25403
Title: SUSE-SU-2014:0623-1 -- Security update for kvm
Description: The QEMU embedded within KVM received various security fixes. Various issues in the block layer have been fixed: * A virtio security issue in config io space handling (CVE-2013-2016). * A SCSI report LUNs buffer overflow (CVE-2013-4344). * A buffer overflow in the QEMU USB stack (CVE-2013-4541).
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0623-1
CVE-2013-2016
CVE-2013-4344
CVE-2013-4541
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
 Product(s): kvm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 116
Application 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO
2014-11-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0421.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0674.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3044.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3045.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2342-1.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-17.nasl - Type : ACT_GATHER_INFO
2014-05-09 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_kvm-140416.nasl - Type : ACT_GATHER_INFO
2014-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-5825.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0420.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0420.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0420.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140422_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb4111...
http://rhn.redhat.com/errata/RHSA-2014-0420.html
http://rhn.redhat.com/errata/RHSA-2014-0421.html
http://www.openwall.com/lists/oss-security/2014/03/26/8
https://bugzilla.redhat.com/show_bug.cgi?id=1078848
https://bugzilla.redhat.com/show_bug.cgi?id=1086717
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Date Informations
2024-11-28 12:38:26
  • Multiple Updates
2024-08-02 12:26:31
  • Multiple Updates
2024-08-02 01:07:56
  • Multiple Updates
2024-02-02 01:25:47
  • Multiple Updates
2024-02-01 12:07:39
  • Multiple Updates
2023-09-05 12:24:25
  • Multiple Updates
2023-09-05 01:07:33
  • Multiple Updates
2023-09-02 12:24:23
  • Multiple Updates
2023-09-02 01:07:39
  • Multiple Updates
2023-08-12 12:26:36
  • Multiple Updates
2023-08-12 01:07:10
  • Multiple Updates
2023-08-11 12:22:30
  • Multiple Updates
2023-08-11 01:07:19
  • Multiple Updates
2023-08-06 12:21:54
  • Multiple Updates
2023-08-06 01:07:08
  • Multiple Updates
2023-08-04 12:21:56
  • Multiple Updates
2023-08-04 01:07:12
  • Multiple Updates
2023-07-14 12:21:54
  • Multiple Updates
2023-07-14 01:07:11
  • Multiple Updates
2023-03-29 01:23:51
  • Multiple Updates
2023-03-28 12:07:32
  • Multiple Updates
2023-02-13 05:27:32
  • Multiple Updates
2022-10-11 05:27:16
  • Multiple Updates
2022-10-11 01:07:20
  • Multiple Updates
2022-10-04 00:27:10
  • Multiple Updates
2022-09-30 02:11:22
  • Multiple Updates
2022-09-30 01:17:17
  • Multiple Updates
2022-09-29 21:27:10
  • Multiple Updates
2022-09-29 09:27:13
  • First insertion