CVE-2014-0147: Integer Overflow
First published: Thu Mar 20 2014(Updated: )
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU KVM | <1.6.2 | |
| Fedoraproject Fedora | =20 | |
| Redhat Virtualization | =3.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Eus | =6.5 | |
| Redhat Enterprise Linux Openstack Platform | =5 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =6.5 | |
| Red Hat Enterprise Linux Server | =6.5 | |
| Redhat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.qemu.org/?p=qemu.git;a=commit;h=b106ad9185f35fc4ad669555ad0e79e276083bd7
- http://git.qemu.org/?p=qemu.git;a=commit;h=246f65838d19db6db55bfb41117c35645a2c4789
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1086717
- https://rhn.redhat.com/errata/RHSA-2014-0421.html
- https://rhn.redhat.com/errata/RHSA-2014-0420.html
- https://rhn.redhat.com/errata/RHSA-2014-0435.html
- https://rhn.redhat.com/errata/RHSA-2014-0434.html
- https://rhn.redhat.com/errata/RHSA-2014-0674.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1078848
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789
- http://rhn.redhat.com/errata/RHSA-2014-0420.html
- http://rhn.redhat.com/errata/RHSA-2014-0421.html
- http://www.openwall.com/lists/oss-security/2014/03/26/8
- https://bugzilla.redhat.com/show_bug.cgi?id=1086717
Frequently Asked Questions
What is CVE-2014-0147?
CVE-2014-0147 is a vulnerability in Qemu which allows for a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots.
What software is affected by CVE-2014-0147?
Qemu versions before 1.6.2, Fedoraproject Fedora 20, Redhat Virtualization 3.0, Redhat Enterprise Linux Desktop 6.0, Redhat Enterprise Linux Eus 6.5, Redhat Enterprise Linux Openstack Platform 5, Redhat Enterprise Linux Server 6.0, Redhat Enterprise Linux Server Aus 6.5, and Redhat Enterprise Linux Server Tus 6.5 are affected by CVE-2014-0147.
What is the severity of CVE-2014-0147?
CVE-2014-0147 has a severity level of medium with a CVSS score of 6.2.
How can I fix CVE-2014-0147?
Update your Qemu software to version 1.6.2 or later to fix CVE-2014-0147.
Where can I find more information about CVE-2014-0147?
You can find more information about CVE-2014-0147 at the following links: [link1], [link2], [link3].
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0147
- agent/trending
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu kvm
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/20
- vendor/redhat
- canonical/redhat virtualization
- version/redhat virtualization/3.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.5
- canonical/redhat enterprise linux openstack platform
- version/redhat enterprise linux openstack platform/5
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/6.5
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0