CVE-2014-7840 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2014-7840?

CVE-2014-7840 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-7840?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

Vulnerability Description

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 2.1.3
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.3
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Workstation	7.0
Redhat	Virtualization	3.0
Redhat	Enterprise Linux	7.0

Related Weaknesses (CWE)

CWE-20

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bea
http://rhn.redhat.com/errata/RHSA-2015-0349.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0624.htmlThird Party Advisory
http://thread.gmane.org/gmane.comp.emulators.qemu/306117Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=1163075Issue TrackingThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99194Third Party AdvisoryVDB Entry
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bea
http://rhn.redhat.com/errata/RHSA-2015-0349.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0624.htmlThird Party Advisory
http://thread.gmane.org/gmane.comp.emulators.qemu/306117Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=1163075Issue TrackingThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99194Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-7840?

CVE-2014-7840 is a vulnerability with a CVSS score of 7.5 (HIGH). The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm...

How severe is CVE-2014-7840?

CVE-2014-7840 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-7840?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.