CVE-2014-0144

HIGH

QEMU < 2.0.0 - Remote Code Execution via Block Driver Input Validation Flaws

Title source: llm
STIX 2.1

Description

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

References (15)

Core 15
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1079240
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2014-0420.html
Third Party Advisory x_refsource_misc
http://rhn.redhat.com/errata/RHSA-2014-0421.html
Various Sources x_refsource_misc
https://www.vulnerabilitycenter.com/#%21vul=44767

Scores

CVSS v3 8.6
EPSS 0.0064
EPSS Percentile 70.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (9)
qemu/qemu < 2.0.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.5
redhat/enterprise_linux_openstack_platform 5
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 6.5
redhat/enterprise_linux_server_tus 6.5
redhat/enterprise_linux_workstation 6.0
redhat/virtualization 3.0
Published Sep 29, 2022
Tracked Since Feb 18, 2026