CVE-2014-7840: Input Validation
First published: Wed Nov 12 2014(Updated: )
During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Acknowledgements: This issue was discovered by Michael S. Tsirkin of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU KVM | <=2.1.3 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Eus | =7.3 | |
| Redhat Enterprise Linux Eus | =7.4 | |
| Redhat Enterprise Linux Eus | =7.5 | |
| Redhat Enterprise Linux Eus | =7.6 | |
| Redhat Enterprise Linux Eus | =7.7 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Redhat Virtualization | =3.0 | |
| Red Hat Enterprise Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/support/policy/updates/errata/
- http://thread.gmane.org/gmane.comp.emulators.qemu/306117
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1163080
- http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08
- https://rhn.redhat.com/errata/RHSA-2015-0349.html
- https://rhn.redhat.com/errata/RHSA-2015-0624.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1163075
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08
- http://rhn.redhat.com/errata/RHSA-2015-0349.html
- http://rhn.redhat.com/errata/RHSA-2015-0624.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99194
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-7840
- agent/trending
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/2.1.3
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/7.3
- version/redhat enterprise linux eus/7.4
- version/redhat enterprise linux eus/7.5
- version/redhat enterprise linux eus/7.6
- version/redhat enterprise linux eus/7.7
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- canonical/redhat virtualization
- version/redhat virtualization/3.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0