Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30746
HistoryMay 15, 2014 - 12:00 a.m.

[oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size

2014-05-1500:00:00
vulners.com
15
JSON

Hello,

'CVE-2014-0222' has been assigned to this issue.

Too large L2 table sizes cause unbounded allocations. Images actually
created by qemu-img only have 512 byte or 4k L2 tables.

To keep things consistent with cluster sizes, allow ranges between 512
bytes and 64k (in fact, down to 1 entry = 8 bytes is technically
working, but L2 table sizes smaller than a cluster don't make a lot of
sense).

This also means that the number of bytes on the virtual disk that are
described by the same L2 table is limited to at most 8k * 64k or 2^29,
preventively avoiding any integer overflows.

Upstream fix:

-> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html

Thank you.

Prasad J Pandit / Red Hat Security Response Team

Related

ubuntucve 1
veracode 2
cve 1
debiancve 1
prion 1
ibm 1
nessus 35
openvas 40
redhat 6
centos 2
oraclelinux 3
suse 16
fedora 8
securityvulns 3
debian 2
gentoo 1
ubuntu 1
mageia 1
ubuntucve
ubuntucve
CVE-2014-0222
2014-05-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:59:20
Denial Of Service (DoS)
2019-05-02 05:03:55
cve
cve
CVE-2014-0222
2014-11-04 21:55:00
debiancve
debiancve
CVE-2014-0222
2014-11-04 21:55:00
prion
prion
Integer overflow
2014-11-04 21:55:00
ibm
ibm
Security Bulletin: Vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance.
2018-06-17 22:30:11
nessus
nessus
CentOS 6 : qemu-kvm (CESA-2014:1075)
2014-08-21 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20140819)
2014-08-20 00:00:00
RHEL 6 : qemu-kvm-rhev (RHSA-2014:1076)
2014-11-08 00:00:00
openvas
openvas
RedHat Update for qemu-kvm RHSA-2014:1075-01
2014-08-20 00:00:00
Oracle: Security Advisory (ELSA-2014-1075)
2015-10-06 00:00:00
CentOS Update for qemu-guest-agent CESA-2014:1075 centos6
2014-08-21 00:00:00
redhat
redhat
(RHSA-2014:1076) Moderate: qemu-kvm-rhev security and bug fix update
2014-08-19 00:00:00
(RHSA-2014:1187) Moderate: qemu-kvm-rhev security update
2014-09-15 00:00:00
(RHSA-2014:1075) Moderate: qemu-kvm security and bug fix update
2014-08-19 00:00:00
centos
centos
qemu security update
2014-08-19 10:00:56
libcacard, qemu security update
2014-07-25 13:23:24
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-08-19 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
suse
suse
Security update for KVM (important)
2015-05-22 00:08:52
Security update for xen (important)
2015-11-10 18:10:12
Security update for xen (important)
2015-11-03 11:12:06
fedora
fedora
[SECURITY] Fedora 20 Update: qemu-1.6.2-6.fc20
2014-06-10 02:56:05
[SECURITY] Fedora 20 Update: qemu-1.6.2-7.fc20
2014-07-26 00:11:13
[SECURITY] Fedora 20 Update: qemu-1.6.2-8.fc20
2014-09-11 00:54:50
securityvulns
securityvulns
QEMU multiple security vulnerabilities
2014-05-15 00:00:00
[SECURITY] [DSA 3045-1] qemu security update
2014-10-13 00:00:00
qemu multiple security vulnerabilities
2014-12-08 00:00:00
debian
debian
[SECURITY] [DSA 3045-1] qemu security update
2014-10-04 19:27:38
[SECURITY] [DSA 3044-1] qemu-kvm security update
2014-10-04 19:26:54
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-09-08 00:00:00
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
JSON
Related for SECURITYVULNS:DOC:30746
ubuntucve1veracode2cve1debiancve1prion1ibm1nessus35openvas40redhat6centos2oraclelinux3suse16fedora8securityvulns3debian2gentoo1ubuntu1mageia1