Launchpad CVE tracker

CVE 2014-2894

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

Related bugs and status

CVE-2014-2894 (Candidate) is related to these bugs:

Bug #1303926: qemu-system-x86_64 crashed with SIGABRT

Summary				In	Importance	Status
	1303926	qemu-system-x86_64 crashed with SIGABRT		qemu (Ubuntu)	High	Fix Released
	1303926	qemu-system-x86_64 crashed with SIGABRT		QEMU	Undecided	Fix Released

Bug #1324927: qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)

		In	Importance	Status
1324927	qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)	Fuel for OpenStack	Critical	Fix Released
1324927	qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)	Fuel for OpenStack 4.1.x	Critical	Won't Fix
1324927	qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)	Fuel for OpenStack 5.0.x	High	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-2894

References