SUSE CVE-2014-9718
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete...
Qemu: ide: ahci use-after-free vulnerability in aio port commands
A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...
CVE-2014-9718
CVE-2014-9718 affects QEMU 1.0–2.1.3 (IDE: BMDMA and AHCI HBA). The vulnerability comes from multiple interpretations of a function return value in bmdma_prepare_buf/ahci_dma_prepare_buf, allowing a guest OS user to trigger host DoS via a PRDT with zero complete sectors, potentially causing memor...
QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption...