Lucene search
GoogleOSV:DSA-2933-1HistoryMay 19, 2014 - 12:00 a.m.
qemu-kvm - security update
2014-05-1900:00:00
Google
osv.dev
10
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.
- CVE-2013-4344
Buffer overflow in the SCSI implementation in QEMU,
when a SCSI controller has more than 256 attached devices, allows
local users to gain privileges via a small transfer buffer in a
REPORT LUNS command. - CVE-2014-2894
Off-by-one error in the cmd_smart function in the smart self test in
hw/ide/core.c in QEMU allows local users to have
unspecified impact via a SMART EXECUTE OFFLINE command that triggers
a buffer underflow and memory corruption.
For the stable distribution (wheezy), these problems have been fixed in
version 1.1.2+dfsg-6+deb7u3.
We recommend that you upgrade your qemu-kvm packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qemu-kvm | eq | 1.1.2+dfsg-6 | |
| qemu-kvm | eq | 1.1.2+dfsg-6+deb7u2 | |
| qemu-kvm | eq | 1.1.2+dfsg-6+deb7u1 |
References
Related
debian
debian
[SECURITY] [DSA 2932-1] qemu security update
2014-05-19 09:47:59
[SECURITY] [DSA 2933-1] qemu-kvm security update
2014-05-19 13:21:10
[SECURITY] [DSA 2932-1] qemu security update
2014-05-19 10:06:23
nessus
nessus
Debian DSA-2932-1 : qemu - security update
2014-05-20 00:00:00
Debian DSA-2933-1 : qemu-kvm - security update
2014-05-20 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2013-1553)
2013-11-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 2933-1 (qemu-kvm - security update)
2014-05-19 00:00:00
Debian Security Advisory DSA 2932-1 (qemu - security update)
2014-05-19 00:00:00
Debian: Security Advisory (DSA-2933-1)
2014-05-18 00:00:00
osv
osv
qemu - security update
2014-05-19 00:00:00
mageia
mageia
Updated qemu package fixes security vulnerability
2013-11-22 22:49:20
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
fedora
fedora
[SECURITY] Fedora 19 Update: qemu-1.4.2-12.fc19
2013-10-14 17:09:01
[SECURITY] Fedora 19 Update: qemu-1.4.2-12.fc19
2013-10-14 07:06:04
[SECURITY] Fedora 20 Update: qemu-1.6.0-10.fc20
2013-10-15 06:37:36
cve
cve
CVE-2013-4344
2013-10-04 17:55:00
CVE-2014-2894
2014-04-23 15:55:00
prion
prion
Buffer overflow
2013-10-04 17:55:00
Memory corruption
2014-04-23 15:55:00
ubuntucve
ubuntucve
CVE-2013-4344
2013-10-04 00:00:00
CVE-2014-2894
2014-04-23 00:00:00
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2013-11-21 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security and bug fix update
2014-06-10 00:00:00
redhat
redhat
cvelist
cvelist
CVE-2013-4344
2013-10-04 17:00:00
CVE-2014-2894
2014-04-23 14:00:00
centos
centos
qemu security update
2013-11-26 13:32:44
qemu security update
2014-06-11 11:37:18
veracode
veracode
Authorization Bypass
2019-01-15 08:51:30
Memory Corruption
2019-05-02 04:58:38
Arbitrary Code Execution
2019-05-02 04:58:38
debiancve
debiancve
CVE-2013-4344
2013-10-04 17:55:00
CVE-2014-2894
2014-04-23 15:55:00
xen
xen
qemu SCSI REPORT LUNS buffer overflow
2013-10-02 15:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-01-30 00:00:00
QEMU vulnerabilities
2014-04-28 00:00:00
securityvulns
securityvulns
[USN-2092-1] QEMU vulnerabilities
2014-02-01 00:00:00
QEMU / Xen multiple security vulnerabilities
2014-02-01 00:00:00
[USN-2182-1] QEMU vulnerabilities
2014-05-04 00:00:00
suse
suse
Security update for kvm (important)
2014-05-08 19:04:16
xen: security and bugfix update (important)
2014-10-09 13:04:44
xen: security and bugfix update (important)
2014-10-09 13:09:07
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related for OSV:DSA-2933-1