CVE-2014-0143

HIGH Year: 2014
CVSS v3 Score
7.0
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-190
View all →

Vulnerability Description

Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.

Related Vulnerabilities

CVE-2017-0521

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High...

CWE-1902017

CVE-2017-0553

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because i...

CWE-1902017

CVE-2017-0576

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated ...

CWE-1902017

CVE-2017-0611

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-1902017

CVE-2017-4950

HIGH
CVSS:7.0(High)

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute c...

CWE-1902017

CVE-2017-8267

HIGH
CVSS:7.0(High)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.

CWE-1902017