CVE-2014-3615

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

References

http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c1b886c45dc70f247300f549dce9833f3fa2def5

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://rhn.redhat.com/errata/RHSA-2014-1669.html

http://rhn.redhat.com/errata/RHSA-2014-1670.html

http://rhn.redhat.com/errata/RHSA-2014-1941.html

http://secunia.com/advisories/61829

http://support.citrix.com/article/CTX200892

http://www.debian.org/security/2014/dsa-3044

http://www.securityfocus.com/bid/69654

http://www.ubuntu.com/usn/USN-2409-1

https://bugzilla.redhat.com/show_bug.cgi?id=1139115

Details

Source: MITRE

Published: 2014-11-01

Updated: 2020-08-11

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.1.3 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
94608SUSE SLES11 Security Update : xen (SUSE-SU-2016:2725-1) (Bunker Buster)NessusSuSE Local Security Checks
critical
94269SUSE SLES12 Security Update : xen (SUSE-SU-2016:2533-1) (Bunker Buster)NessusSuSE Local Security Checks
critical
94267SUSE SLES11 Security Update : xen (SUSE-SU-2016:2528-1) (Bunker Buster)NessusSuSE Local Security Checks
critical
94000openSUSE Security Update : xen (openSUSE-2016-1170) (Bunker Buster)NessusSuSE Local Security Checks
critical
93999openSUSE Security Update : xen (openSUSE-2016-1169) (Bunker Buster)NessusSuSE Local Security Checks
critical
93180SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)NessusSuSE Local Security Checks
critical
93169SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)NessusSuSE Local Security Checks
critical
92601OracleVM 3.3 : xen (OVMSA-2016-0089)NessusOracleVM Local Security Checks
high
91756OracleVM 3.2 : xen (OVMSA-2016-0081)NessusOracleVM Local Security Checks
high
91660SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)NessusSuSE Local Security Checks
critical
84333openSUSE Security Update : xen (openSUSE-2015-434) (Venom)NessusSuSE Local Security Checks
high
83717SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0744-1)NessusSuSE Local Security Checks
high
83707SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)NessusSuSE Local Security Checks
high
83163Citrix XenServer Multiple Vulnerabilities (CTX200892)NessusMisc.
medium
82907openSUSE Security Update : xen (openSUSE-2015-314)NessusSuSE Local Security Checks
high
81944Mandriva Linux Security Advisory : qemu (MDVSA-2015:061)NessusMandriva Local Security Checks
high
79811GLSA-201412-01 : QEMU: Multiple VulnerabilitiesNessusGentoo Local Security Checks
medium
79407Mandriva Linux Security Advisory : qemu (MDVSA-2014:220)NessusMandriva Local Security Checks
high
79244Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : qemu, qemu-kvm vulnerabilities (USN-2409-1)NessusUbuntu Local Security Checks
high
79059RHEL 7 : qemu-kvm-rhev (RHSA-2014:1670)NessusRed Hat Local Security Checks
low
78622Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20141020)NessusScientific Linux Local Security Checks
low
78606CentOS 7 : qemu-kvm (CESA-2014:1669)NessusCentOS Local Security Checks
low
78594RHEL 7 : qemu-kvm (RHSA-2014:1669)NessusRed Hat Local Security Checks
low
78592Oracle Linux 7 : qemu-kvm (ELSA-2014-1669)NessusOracle Linux Local Security Checks
low
78046Debian DSA-3045-1 : qemu - security updateNessusDebian Local Security Checks
high
78045Debian DSA-3044-1 : qemu-kvm - security updateNessusDebian Local Security Checks
high
77795Fedora 21 : qemu-2.1.1-1.fc21 (2014-10761)NessusFedora Local Security Checks
medium
77613Fedora 20 : qemu-1.6.2-8.fc20 (2014-10445)NessusFedora Local Security Checks
low