usn-2342-1
Vulnerability from osv_ubuntu
Published
2014-09-08 17:35
Modified
2026-02-10 04:40
Summary
qemu, qemu-kvm vulnerabilities
Details

Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and others discovered multiple issues in the QEMU block drivers. An attacker able to modify disk images could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223)

It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service. (CVE-2014-3471)

References
https://ubuntu.com/security/notices/USN-2342-1 ADVISORY
https://ubuntu.com/security/CVE-2013-4148 REPORT
https://ubuntu.com/security/CVE-2013-4149 REPORT
https://ubuntu.com/security/CVE-2013-4150 REPORT
https://ubuntu.com/security/CVE-2013-4151 REPORT
https://ubuntu.com/security/CVE-2013-4526 REPORT
https://ubuntu.com/security/CVE-2013-4527 REPORT
https://ubuntu.com/security/CVE-2013-4529 REPORT
https://ubuntu.com/security/CVE-2013-4530 REPORT
https://ubuntu.com/security/CVE-2013-4531 REPORT
https://ubuntu.com/security/CVE-2013-4532 REPORT
https://ubuntu.com/security/CVE-2013-4533 REPORT
https://ubuntu.com/security/CVE-2013-4534 REPORT
https://ubuntu.com/security/CVE-2013-4535 REPORT
https://ubuntu.com/security/CVE-2013-4536 REPORT
https://ubuntu.com/security/CVE-2013-4537 REPORT
https://ubuntu.com/security/CVE-2013-4538 REPORT
https://ubuntu.com/security/CVE-2013-4539 REPORT
https://ubuntu.com/security/CVE-2013-4540 REPORT
https://ubuntu.com/security/CVE-2013-4541 REPORT
https://ubuntu.com/security/CVE-2013-4542 REPORT
https://ubuntu.com/security/CVE-2013-6399 REPORT
https://ubuntu.com/security/CVE-2014-0142 REPORT
https://ubuntu.com/security/CVE-2014-0143 REPORT
https://ubuntu.com/security/CVE-2014-0144 REPORT
https://ubuntu.com/security/CVE-2014-0145 REPORT
https://ubuntu.com/security/CVE-2014-0146 REPORT
https://ubuntu.com/security/CVE-2014-0147 REPORT
https://ubuntu.com/security/CVE-2014-0182 REPORT
https://ubuntu.com/security/CVE-2014-0222 REPORT
https://ubuntu.com/security/CVE-2014-0223 REPORT
https://ubuntu.com/security/CVE-2014-3461 REPORT
https://ubuntu.com/security/CVE-2014-3471 REPORT

{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2013-4148",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4149",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4150",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4151",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4526",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4527",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4529",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4530",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4531",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4532",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4533",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4534",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4535",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4536",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4537",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4538",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4539",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4540",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4541",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-4542",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2013-6399",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-0182",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-0222",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-0223",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-3461",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-3471",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "qemu",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-guest-agent",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-keymaps",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-kvm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-arm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-mips",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-misc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-ppc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-sparc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-system-x86",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-user",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-user-static",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          },
          {
            "binary_name": "qemu-utils",
            "binary_version": "2.0.0+dfsg-2ubuntu1.3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "qemu",
        "purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.3?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0+dfsg-2ubuntu1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5.0+dfsg-3ubuntu5",
        "1.5.0+dfsg-3ubuntu6",
        "1.6.0+dfsg-2ubuntu1",
        "1.6.0+dfsg-2ubuntu2",
        "1.6.0+dfsg-2ubuntu3",
        "1.6.0+dfsg-2ubuntu4",
        "1.7.0+dfsg-2ubuntu1",
        "1.7.0+dfsg-2ubuntu2",
        "1.7.0+dfsg-2ubuntu3",
        "1.7.0+dfsg-2ubuntu4",
        "1.7.0+dfsg-2ubuntu5",
        "1.7.0+dfsg-2ubuntu7",
        "1.7.0+dfsg-2ubuntu8",
        "1.7.0+dfsg-2ubuntu9",
        "1.7.0+dfsg-3ubuntu1~ppa1",
        "1.7.0+dfsg-3ubuntu1",
        "1.7.0+dfsg-3ubuntu2",
        "1.7.0+dfsg-3ubuntu3",
        "1.7.0+dfsg-3ubuntu4",
        "1.7.0+dfsg-3ubuntu5",
        "1.7.0+dfsg-3ubuntu6",
        "1.7.0+dfsg-3ubuntu7",
        "2.0.0~rc1+dfsg-0ubuntu1",
        "2.0.0~rc1+dfsg-0ubuntu2",
        "2.0.0~rc1+dfsg-0ubuntu3",
        "2.0.0~rc1+dfsg-0ubuntu3.1",
        "2.0.0+dfsg-2ubuntu1",
        "2.0.0+dfsg-2ubuntu1.1",
        "2.0.0+dfsg-2ubuntu1.2"
      ]
    }
  ],
  "aliases": [],
  "details": "Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple\nissues with QEMU state loading after migration. An attacker able to modify\nthe state data could use these issues to cause a denial of service, or\npossibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149,\nCVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529,\nCVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,\nCVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,\nCVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,\nCVE-2014-3461)\n\nKevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and\nothers discovered multiple issues in the QEMU block drivers. An attacker\nable to modify disk images could use these issues to cause a denial of\nservice, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143,\nCVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222,\nCVE-2014-0223)\n\nIt was discovered that QEMU incorrectly handled certain PCIe bus hotplug\noperations. A malicious guest could use this issue to crash the QEMU host,\nresulting in a denial of service. (CVE-2014-3471)\n",
  "id": "USN-2342-1",
  "modified": "2026-02-10T04:40:50Z",
  "published": "2014-09-08T17:35:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2342-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4148"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4149"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4150"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4151"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4526"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4527"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4529"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4530"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4531"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4532"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4533"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4534"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4535"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4536"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4537"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4538"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4539"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4540"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4541"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-4542"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2013-6399"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0142"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0143"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0144"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0145"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0146"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0147"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0182"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0222"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-0223"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-3461"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-3471"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "qemu, qemu-kvm vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2013-4148",
    "UBUNTU-CVE-2013-4149",
    "UBUNTU-CVE-2013-4150",
    "UBUNTU-CVE-2013-4151",
    "UBUNTU-CVE-2013-4526",
    "UBUNTU-CVE-2013-4527",
    "UBUNTU-CVE-2013-4529",
    "UBUNTU-CVE-2013-4530",
    "UBUNTU-CVE-2013-4531",
    "UBUNTU-CVE-2013-4532",
    "UBUNTU-CVE-2013-4533",
    "UBUNTU-CVE-2013-4534",
    "UBUNTU-CVE-2013-4535",
    "UBUNTU-CVE-2013-4536",
    "UBUNTU-CVE-2013-4537",
    "UBUNTU-CVE-2013-4538",
    "UBUNTU-CVE-2013-4539",
    "UBUNTU-CVE-2013-4540",
    "UBUNTU-CVE-2013-4541",
    "UBUNTU-CVE-2013-4542",
    "UBUNTU-CVE-2013-6399",
    "UBUNTU-CVE-2014-0142",
    "UBUNTU-CVE-2014-0143",
    "UBUNTU-CVE-2014-0144",
    "UBUNTU-CVE-2014-0145",
    "UBUNTU-CVE-2014-0146",
    "UBUNTU-CVE-2014-0147",
    "UBUNTU-CVE-2014-0182",
    "UBUNTU-CVE-2014-0222",
    "UBUNTU-CVE-2014-0223",
    "UBUNTU-CVE-2014-3461",
    "UBUNTU-CVE-2014-3471"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…