CVE-2014-0147 — MEDIUM (6.2)

Q: How severe is CVE-2014-0147?

CVE-2014-0147 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0147?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Fedoraproject Fedora, Redhat Virtualization, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qemu	Qemu	< 1.6.2
Fedoraproject	Fedora	20
Redhat	Virtualization	3.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	6.5
Redhat	Enterprise Linux Openstack Platform	5
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	6.5
Redhat	Enterprise Linux Server Tus	6.5
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-190

References

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c3
http://rhn.redhat.com/errata/RHSA-2014-0420.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0421.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/03/26/8Mailing ListPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1078848Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1086717Issue TrackingThird Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c3
http://rhn.redhat.com/errata/RHSA-2014-0420.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0421.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/03/26/8Mailing ListPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1078848Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1086717Issue TrackingThird Party Advisory

FAQ

What is CVE-2014-0147?

CVE-2014-0147 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while ...

How severe is CVE-2014-0147?

CVE-2014-0147 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0147?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Fedoraproject Fedora, Redhat Virtualization, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.