[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2014-0704 -- Oracle qemu-kvm, libcacard and qemu-guest-agent

ID: oval:org.secpod.oval:def:1500620Date: (C)2014-08-22   (M)2023-02-20
Class: PATCHFamily: unix




An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Platform:
Oracle Linux 7
Product:
qemu-kvm
libcacard
qemu-guest-agent
Reference:
ELSA-2014-0704
CVE-2014-2894
CVE    1
CVE-2014-2894
CPE    4
cpe:/a:kvm_group:qemu-kvm
cpe:/a:kvm_group:qemu_guest_agent
cpe:/o:oracle:linux:7
cpe:/a:spice-space:libcacard
...

© SecPod Technologies