fkie_cve-2014-9718
Vulnerability from fkie_nvd
Published
2015-04-21 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8
secalert@redhat.comhttp://openwall.com/lists/oss-security/2015/04/20/7
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3259
secalert@redhat.comhttp://www.securityfocus.com/bid/73316
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2015/04/20/7
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3259
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/73316
Impacted products
Vendor Product Version
debian debian_linux 8.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.4.1
qemu qemu 1.4.2
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.1
qemu qemu 1.5.2
qemu qemu 1.5.3
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2
qemu qemu 1.7.1
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.2
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.1
qemu qemu 2.1.2
qemu qemu 2.1.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB18C9B-B1D6-44A6-A1E9-3D258DE797B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4745807B-A01D-41AE-8996-495176489A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "D583599F-AE5E-40E4-8489-62FD1D0A7845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DE70D9B7-F422-455F-8413-CF34342B22AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3946C39-A3D1-4E2B-9C7D-0654D9A644EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7F858FD1-58A3-46ED-A3C6-64ECEDF8E458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C61AE3-16C8-4EC6-B33D-7E331BEA8F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E873593D-95A1-4D69-800C-A8DB6A4C26E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9136A0D4-8334-4AC8-9267-8AC8397122CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
    },
    {
      "lang": "es",
      "value": "Las interfaces (1) BMDMA y (2) AHCI HBA en la funcionalidad IDE en QEMU 1.0 hasta 2.1.3 tienen m\u00faltiples interpretaciones del valor de retorno de una funci\u00f3n, lo que permite a usarios del sistema operativo invitado causar una denegaci\u00f3n de servicio en el sistema operativo del anfitri\u00f3n (corrupci\u00f3n de memoria o bucle infinito, y ca\u00edda del sistema) a trav\u00e9s de un PRDT sin ningun sector completo, relacionado con las funciones bmdma_prepare_buf y ahci_dma_prepare_buf."
    }
  ],
  "id": "CVE-2014-9718",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-21T16:59:00.077",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2015/04/20/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/73316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2015/04/20/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73316"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.