CVE-2014-7840

QEMU < 2.1.3 - Remote Code Execution via Crafted SaveVM Data


Description

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0624.html
Broken Link mailing-list x_refsource_mlist
http://thread.gmane.org/gmane.comp.emulators.qemu/306117
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0349.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99194
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1163075

Scores

EPSS 0.0245
EPSS Percentile 85.4%

Details

CWE CWE-20
Status published
Products (14)
qemu/qemu < 2.1.3
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_eus 7.3
redhat/enterprise_linux_eus 7.4
redhat/enterprise_linux_eus 7.5
redhat/enterprise_linux_eus 7.6
redhat/enterprise_linux_eus 7.7
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
... and 4 more
Published Dec 12, 2014
Tracked Since Feb 18, 2026