CVE-2014-5263: Buffer Overflow

First published: Mon Aug 04 2014(Updated: )

It was found that vmstate_xhci_event field list was missing VMSTATE_END_OF_LIST() terminator and traversing through this list would result in out-of-bounds access during vm state saving and loading. Depending on how vmstate_xhci_event is placed in the qemu binary, this issue can range from non-issue, infinite loop to (potentially) privilege escalation in case the we end up with fields that have info and/or field_exist members initialized in a way that is useful for exploitation (most probably unlikely). In the worst case, attacker able to alter the migration data could use this flaw to to corrupt QEMU process memory. Upstream commit: <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56">http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56</a>

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/remedy
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• agent/references
• agent/author
• agent/last-modified-date
• agent/severity
• agent/weakness
• agent/event
• agent/description
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2014-5263
• agent/trending
• collector/nvd-index
• agent/software-canonical-lookup-request
• agent/softwarecombine
• agent/tags
• agent/source
• vendor/qemu
• canonical/qemu kvm
• version/qemu kvm/1.6.0