CVE-2014-0148 : Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite l

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

Published 2022-09-29 03:15:11

Updated 2023-02-13 00:33:10

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-0148

Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Virtualization » Version: 3.0
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Openstack Platform » Version: 5
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*
Matching versions
Qemu » Qemu
Versions before (<) 2.0.0
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-0148

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0148

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2014-0148

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0148

http://www.openwall.com/lists/oss-security/2014/03/26/8

oss-security - QEMU image format input validation fixes (multiple CVEs)
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html

[Qemu-devel] [PATCH for-2.0 00/47] block: image format input validation
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0421.html

RHSA-2014:0421 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0420.html

RHSA-2014:0420 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6

QEMU · GitLab
https://bugzilla.redhat.com/show_bug.cgi?id=1078212

1078212 – (CVE-2014-0148) CVE-2014-0148 Qemu: vhdx: bounds checking for block_size and logical_sector_size
Issue Tracking;Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2014-0148

Products affected by CVE-2014-0148

Exploit prediction scoring system (EPSS) score for CVE-2014-0148

CVSS scores for CVE-2014-0148

CWE ids for CVE-2014-0148

References for CVE-2014-0148