8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.079 Low
EPSS
Percentile
94.2%
Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple
issues with QEMU state loading after migration. An attacker able to modify
the state data could use these issues to cause a denial of service, or
possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149,
CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529,
CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,
CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,
CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,
CVE-2014-3461)
Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and
others discovered multiple issues in the QEMU block drivers. An attacker
able to modify disk images could use these issues to cause a denial of
service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143,
CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222,
CVE-2014-0223)
It was discovered that QEMU incorrectly handled certain PCIe bus hotplug
operations. A malicious guest could use this issue to crash the QEMU host,
resulting in a denial of service. (CVE-2014-3471)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | qemu-system | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-guest-agent | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-kvm | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-system-arm | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-system-common | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-system-mips | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-system-misc | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-system-ppc | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | qemu-system-sparc | < 2.0.0+dfsg-2ubuntu1.3 | UNKNOWN |
ubuntu.com/security/CVE-2013-4148
ubuntu.com/security/CVE-2013-4149
ubuntu.com/security/CVE-2013-4150
ubuntu.com/security/CVE-2013-4151
ubuntu.com/security/CVE-2013-4526
ubuntu.com/security/CVE-2013-4527
ubuntu.com/security/CVE-2013-4529
ubuntu.com/security/CVE-2013-4530
ubuntu.com/security/CVE-2013-4531
ubuntu.com/security/CVE-2013-4532
ubuntu.com/security/CVE-2013-4533
ubuntu.com/security/CVE-2013-4534
ubuntu.com/security/CVE-2013-4535
ubuntu.com/security/CVE-2013-4536
ubuntu.com/security/CVE-2013-4537
ubuntu.com/security/CVE-2013-4538
ubuntu.com/security/CVE-2013-4539
ubuntu.com/security/CVE-2013-4540
ubuntu.com/security/CVE-2013-4541
ubuntu.com/security/CVE-2013-4542
ubuntu.com/security/CVE-2013-6399
ubuntu.com/security/CVE-2014-0142
ubuntu.com/security/CVE-2014-0143
ubuntu.com/security/CVE-2014-0144
ubuntu.com/security/CVE-2014-0145
ubuntu.com/security/CVE-2014-0146
ubuntu.com/security/CVE-2014-0147
ubuntu.com/security/CVE-2014-0182
ubuntu.com/security/CVE-2014-0222
ubuntu.com/security/CVE-2014-0223
ubuntu.com/security/CVE-2014-3461
ubuntu.com/security/CVE-2014-3471
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.079 Low
EPSS
Percentile
94.2%