CVE-2014-3689

HIGH

Description

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

References

http://secunia.com/advisories/60923

http://secunia.com/advisories/62143

http://secunia.com/advisories/62144

http://www.debian.org/security/2014/dsa-3066

http://www.debian.org/security/2014/dsa-3067

http://www.osvdb.org/114397

http://www.ubuntu.com/usn/USN-2409-1

https://www.mail-archive.com/[email protected]/msg261580.html

Details

Source: MITRE

Published: 2014-11-14

Updated: 2014-11-14

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH