ELSA-2014-0704 -- Oracle qemu-kvm, libcacard and qemu-guest-agentID: oval:org.secpod.oval:def:1500620 | Date: (C)2014-08-22 (M)2023-02-20 |
Class: PATCH | Family: unix |
An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Product: |
qemu-kvm |
libcacard |
qemu-guest-agent |