Launchpad CVE tracker

CVE 2014-0150

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2014-0150 (Candidate) is related to these bugs:

Bug #1303926: qemu-system-x86_64 crashed with SIGABRT

Summary				In	Importance	Status
	1303926	qemu-system-x86_64 crashed with SIGABRT		qemu (Ubuntu)	High	Fix Released
	1303926	qemu-system-x86_64 crashed with SIGABRT		QEMU	Undecided	Fix Released

Bug #1324927: qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)

		In	Importance	Status
1324927	qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)	Fuel for OpenStack	Critical	Fix Released
1324927	qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)	Fuel for OpenStack 4.1.x	Critical	Won't Fix
1324927	qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)	Fuel for OpenStack 5.0.x	High	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-0150

References