CVE-2014-8106 insufficient blit region check
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
qemu (Ubuntu) |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Utopic |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Vivid |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
qemu-kvm (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Precise |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Trusty |
Invalid
|
Undecided
|
Unassigned | ||
Utopic |
Invalid
|
Undecided
|
Unassigned | ||
Vivid |
Invalid
|
Undecided
|
Unassigned |
Bug Description
The following references describe an insufficient blit region check issue in qemu:
https:/
https:/
This vulnerability potentially allows root within a guest to perform a denial of service and perhaps execute arbitrary code with the privileges of the qemu host process.
Fixes upstream appear to be:
http://
http://
I am using the following, but believe this vulnerability exists in (at least) T, U and V. It may exist in P or L (unchecked).
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Changed in qemu (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in qemu (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in qemu (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in qemu (Ubuntu Utopic): | |
status: | New → Confirmed |
Changed in qemu (Ubuntu Vivid): | |
status: | New → Confirmed |
Changed in qemu (Ubuntu Lucid): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in qemu (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in qemu (Ubuntu Trusty): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in qemu (Ubuntu Utopic): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in qemu (Ubuntu Vivid): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in qemu-kvm (Ubuntu Trusty): | |
status: | New → Invalid |
Changed in qemu-kvm (Ubuntu Utopic): | |
status: | New → Invalid |
Changed in qemu-kvm (Ubuntu Vivid): | |
status: | New → Invalid |
Changed in qemu (Ubuntu Lucid): | |
assignee: | Marc Deslauriers (mdeslaur) → nobody |
status: | Confirmed → Invalid |
Changed in qemu (Ubuntu Precise): | |
assignee: | Marc Deslauriers (mdeslaur) → nobody |
status: | Confirmed → Invalid |
Changed in qemu-kvm (Ubuntu Lucid): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
status: | New → Confirmed |
Changed in qemu-kvm (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
status: | New → Confirmed |
Made this public as the links to which it refers are public.