CVE-2014-0150

Severity

Theme

CVE-2014-0150

medium

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

ID	Name	Product	Family	Severity
81944	Mandriva Linux Security Advisory : qemu (MDVSA-2015:061)	Nessus	Mandriva Local Security Checks	high
79902	Fedora 21 : xen-4.4.1-9.fc21 (2014-15951)	Nessus	Fedora Local Security Checks	high
79652	Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)	Nessus	Fedora Local Security Checks	high
79651	Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)	Nessus	Fedora Local Security Checks	high
79407	Mandriva Linux Security Advisory : qemu (MDVSA-2014:220)	Nessus	Mandriva Local Security Checks	high
79029	RHEL 6 : rhev-hypervisor6 3.4.0 (RHSA-2014:0674)	Nessus	Red Hat Local Security Checks	high
79015	RHEL 6 : qemu-kvm-rhev (RHSA-2014:0421)	Nessus	Red Hat Local Security Checks	high
77461	GLSA-201408-17 : QEMU: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
76138	SuSE 11.3 Security Update : KVM (SAT Patch Number 9302)	Nessus	SuSE Local Security Checks	high
73818	Fedora 20 : qemu-1.6.2-4.fc20 (2014-5825)	Nessus	Fedora Local Security Checks	high
73752	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : qemu, qemu-kvm vulnerabilities (USN-2182-1)	Nessus	Ubuntu Local Security Checks	high
73664	Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20140422)	Nessus	Scientific Linux Local Security Checks	high
73663	RHEL 6 : qemu-kvm (RHSA-2014:0420)	Nessus	Red Hat Local Security Checks	high
73662	Oracle Linux 6 : qemu-kvm (ELSA-2014-0420)	Nessus	Oracle Linux Local Security Checks	high
73656	CentOS 6 : qemu-kvm (CESA-2014:0420)	Nessus	CentOS Local Security Checks	high
73626	Debian DSA-2910-1 : qemu-kvm - security update	Nessus	Debian Local Security Checks	medium
73625	Debian DSA-2909-1 : qemu - security update	Nessus	Debian Local Security Checks	medium

CVE-2014-0150

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

medium