CVE-2014-5388

QEMU - Info Disclosure

Title source: llm

Description

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

References (6)

[Patch, Third Party Advisory] https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html

[Mailing List, Patch, Third Party Advisory] http://seclists.org/oss-sec/2014/q3/438

[Mailing List, Third Party Advisory] http://seclists.org/oss-sec/2014/q3/440

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1132956

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2409-1

[Patch] http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16

Scores

EPSS 0.0011

EPSS Percentile 29.2%

Details

CWE

CWE-193

Status published

Products (5)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 14.10

qemu/qemu < 2.1.3

Published Nov 15, 2014

Tracked Since Feb 18, 2026