CVE-2014-9718

Published: Apr 21, 2015Modified: May 6, 2026

4.9

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 3.9 / Impact: 6.9

Source: NVD

Description

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.

Affected (43)

Products: Debian: Debian Linux · Qemu: Qemu

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration B

42 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Version 1.0.1
Qemu Qemu	Version 1.0
Qemu Qemu	Version 1.0 rc1
Qemu Qemu	Version 1.0 rc2
Qemu Qemu	Version 1.0 rc3
Qemu Qemu	Version 1.0 rc4
Qemu Qemu	Version 1.1
Qemu Qemu	Version 1.1 rc1
Qemu Qemu	Version 1.1 rc2
Qemu Qemu	Version 1.1 rc3
Qemu Qemu	Version 1.1 rc4
Qemu Qemu	Version 1.4.1
Qemu Qemu	Version 1.4.2
Qemu Qemu	Version 1.5.0
Qemu Qemu	Version 1.5.0 rc1
Qemu Qemu	Version 1.5.0 rc2
Qemu Qemu	Version 1.5.0 rc3
Qemu Qemu	Version 1.5.1
Qemu Qemu	Version 1.5.2
Qemu Qemu	Version 1.5.3
Qemu Qemu	Version 1.6.0
Qemu Qemu	Version 1.6.0 rc1
Qemu Qemu	Version 1.6.0 rc2
Qemu Qemu	Version 1.6.0 rc3
Qemu Qemu	Version 1.6.1
Qemu Qemu	Version 1.6.2
Qemu Qemu	Version 1.7.1
Qemu Qemu	Version 2.0.0
Qemu Qemu	Version 2.0.0 rc0
Qemu Qemu	Version 2.0.0 rc1
Qemu Qemu	Version 2.0.0 rc2
Qemu Qemu	Version 2.0.0 rc3
Qemu Qemu	Version 2.0.2
Qemu Qemu	Version 2.1.0
Qemu Qemu	Version 2.1.0 rc0
Qemu Qemu	Version 2.1.0 rc1
Qemu Qemu	Version 2.1.0 rc2
Qemu Qemu	Version 2.1.0 rc3
Qemu Qemu	Version 2.1.0 rc5
Qemu Qemu	Version 2.1.1
Qemu Qemu	Version 2.1.2
Qemu Qemu	Version 2.1.3