CVE-2014-5388 — MEDIUM (4.6)

Q: How severe is CVE-2014-5388?

CVE-2014-5388 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-5388?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Canonical Ubuntu Linux.

Vulnerability Description

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 2.1.3
Canonical	Ubuntu Linux	10.04

Related Weaknesses (CWE)

CWE-193

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d3676
http://seclists.org/oss-sec/2014/q3/438Mailing ListPatchThird Party Advisory
http://seclists.org/oss-sec/2014/q3/440Mailing ListThird Party Advisory
http://www.ubuntu.com/usn/USN-2409-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1132956Issue TrackingThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.htmlPatchThird Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d3676
http://seclists.org/oss-sec/2014/q3/438Mailing ListPatchThird Party Advisory
http://seclists.org/oss-sec/2014/q3/440Mailing ListThird Party Advisory
http://www.ubuntu.com/usn/USN-2409-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1132956Issue TrackingThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.htmlPatchThird Party Advisory

FAQ

What is CVE-2014-5388?

CVE-2014-5388 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related...

How severe is CVE-2014-5388?

CVE-2014-5388 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-5388?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Canonical Ubuntu Linux.