Vulnerability in Qemu Block Driver for Hyper-V VHDX Images by Red Hat
CVE-2014-0148

5.5MEDIUM

Key Information:

Vendor

Qemu
Status
Qemu
Vendor
CVE Published:
29 September 2022

What is CVE-2014-0148?

The Qemu block driver utilized for Hyper-V VHDX images is insecure due to inadequate bounds checking on critical variables such as block_size and logical_sector_size. This oversight can lead to infinite loops and associated issues when calculating derived parameters like sectors_per_block. An attacker with the ability to modify the Qemu disk image can exploit this vulnerability, resulting in potential crashes of the Qemu instance and causing disruptions through Denial of Service (DoS).

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Qemu before 2.0

References

http://rhn.redhat.com/errata/RHSA-2014-0420.html
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2014-0421.html
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/03/26/8
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.