CVE-2014-7840

Published: Dec 12, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

Affected (14)

Products: Qemu: Qemu · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation, Virtualization

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.1.3

Configuration B

12 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.3
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Workstation	Version 7.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 3.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0349.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0624.html

Source: secalert@redhat.com

Third Party Advisory

http://thread.gmane.org/gmane.comp.emulators.qemu/306117

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=1163075

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99194

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0349.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0624.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://thread.gmane.org/gmane.comp.emulators.qemu/306117

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=1163075

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99194

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.