CVE-2014-3689

HIGH

Description

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

References

http://secunia.com/advisories/60923

http://secunia.com/advisories/62143

http://secunia.com/advisories/62144

http://www.debian.org/security/2014/dsa-3066

http://www.debian.org/security/2014/dsa-3067

http://www.osvdb.org/114397

http://www.ubuntu.com/usn/USN-2409-1

https://www.mail-archive.com/[email protected]/msg261580.html

Details

Source: MITRE

Published: 2014-11-14

Updated: 2020-08-11

Type: CWE-269

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (21 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150537 | SUSE SLES11 Security Update : kvm (SUSE-SU-2021:14704-1) | Nessus | SuSE Local Security Checks | high |
| 142284 | EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-2392) | Nessus | Huawei Local Security Checks | high |
| 140864 | EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-2097) | Nessus | Huawei Local Security Checks | high |
| 93180 | SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1) | Nessus | SuSE Local Security Checks | critical |
| 93177 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1745-1) | Nessus | SuSE Local Security Checks | critical |
| 93169 | SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1) | Nessus | SuSE Local Security Checks | critical |
| 91660 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1) | Nessus | SuSE Local Security Checks | critical |
| 91249 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:1318-1) | Nessus | SuSE Local Security Checks | critical |
| 90759 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1154-1) | Nessus | SuSE Local Security Checks | critical |
| 90478 | openSUSE Security Update : xen (openSUSE-2016-439) | Nessus | SuSE Local Security Checks | critical |
| 90396 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1) | Nessus | SuSE Local Security Checks | critical |
| 90260 | openSUSE Security Update : xen (openSUSE-2016-413) | Nessus | SuSE Local Security Checks | critical |
| 90186 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:0873-1) | Nessus | SuSE Local Security Checks | critical |
| 81944 | Mandriva Linux Security Advisory : qemu (MDVSA-2015:061) | Nessus | Mandriva Local Security Checks | high |
| 80242 | GLSA-201412-37 : QEMU: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 79407 | Mandriva Linux Security Advisory : qemu (MDVSA-2014:220) | Nessus | Mandriva Local Security Checks | high |
| 79244 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : qemu, qemu-kvm vulnerabilities (USN-2409-1) | Nessus | Ubuntu Local Security Checks | high |
| 79089 | Fedora 20 : qemu-1.6.2-10.fc20 (2014-14033) | Nessus | Fedora Local Security Checks | high |
| 79073 | Fedora 21 : qemu-2.1.2-6.fc21 (2014-13993) | Nessus | Fedora Local Security Checks | high |
| 78898 | Debian DSA-3067-1 : qemu-kvm - security update | Nessus | Debian Local Security Checks | high |
| 78897 | Debian DSA-3066-1 : qemu - security update | Nessus | Debian Local Security Checks | high |