usn-2342-1
Vulnerability from osv_ubuntu
Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)
Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and others discovered multiple issues in the QEMU block drivers. An attacker able to modify disk images could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223)
It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service. (CVE-2014-3471)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2013-4148",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4149",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4150",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4151",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4526",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4527",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4529",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4530",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4531",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4532",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4533",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4534",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4535",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4536",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4537",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4538",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4539",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4540",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4541",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-4542",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2013-6399",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-0182",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-0222",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-0223",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-3461",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-3471",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.3?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2"
]
}
],
"aliases": [],
"details": "Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple\nissues with QEMU state loading after migration. An attacker able to modify\nthe state data could use these issues to cause a denial of service, or\npossibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149,\nCVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529,\nCVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,\nCVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,\nCVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,\nCVE-2014-3461)\n\nKevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and\nothers discovered multiple issues in the QEMU block drivers. An attacker\nable to modify disk images could use these issues to cause a denial of\nservice, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143,\nCVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222,\nCVE-2014-0223)\n\nIt was discovered that QEMU incorrectly handled certain PCIe bus hotplug\noperations. A malicious guest could use this issue to crash the QEMU host,\nresulting in a denial of service. (CVE-2014-3471)\n",
"id": "USN-2342-1",
"modified": "2026-02-10T04:40:50Z",
"published": "2014-09-08T17:35:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2342-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4148"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4149"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4150"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4151"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4526"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4527"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4529"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4530"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4531"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4532"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4533"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4534"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4535"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4536"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4537"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4539"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4540"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4541"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-4542"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-6399"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0142"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0143"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0144"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0145"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0146"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0147"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0182"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0222"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-0223"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3461"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3471"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qemu, qemu-kvm vulnerabilities",
"upstream": [
"UBUNTU-CVE-2013-4148",
"UBUNTU-CVE-2013-4149",
"UBUNTU-CVE-2013-4150",
"UBUNTU-CVE-2013-4151",
"UBUNTU-CVE-2013-4526",
"UBUNTU-CVE-2013-4527",
"UBUNTU-CVE-2013-4529",
"UBUNTU-CVE-2013-4530",
"UBUNTU-CVE-2013-4531",
"UBUNTU-CVE-2013-4532",
"UBUNTU-CVE-2013-4533",
"UBUNTU-CVE-2013-4534",
"UBUNTU-CVE-2013-4535",
"UBUNTU-CVE-2013-4536",
"UBUNTU-CVE-2013-4537",
"UBUNTU-CVE-2013-4538",
"UBUNTU-CVE-2013-4539",
"UBUNTU-CVE-2013-4540",
"UBUNTU-CVE-2013-4541",
"UBUNTU-CVE-2013-4542",
"UBUNTU-CVE-2013-6399",
"UBUNTU-CVE-2014-0142",
"UBUNTU-CVE-2014-0143",
"UBUNTU-CVE-2014-0144",
"UBUNTU-CVE-2014-0145",
"UBUNTU-CVE-2014-0146",
"UBUNTU-CVE-2014-0147",
"UBUNTU-CVE-2014-0182",
"UBUNTU-CVE-2014-0222",
"UBUNTU-CVE-2014-0223",
"UBUNTU-CVE-2014-3461",
"UBUNTU-CVE-2014-3471"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.