Vulnerability CVE-2014-2894

Vulnerability Name:

CVE-2014-2894 (CCN-92663)

Assigned:

2014-04-12

Published:

2014-04-12

Updated:

2023-02-13

Summary:

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.0 Medium (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:S/C:P/I:P/A:P)
2.9 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-2894

Source: CCN
Type: QEMU GIT Repository
QEMU

Source: CCN
Type: RHSA-2014-0674
Moderate: rhev-hypervisor6 3.4.0 security, bug fix, and enhancement update

Source: CCN
Type: RHSA-2014-0704
Moderate: qemu-kvm security and bug fix update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2014-0743
Moderate: qemu-kvm security and bug fix update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2014-0744
Moderate: qemu-kvm-rhev security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA57945
Qemu IDE SMART EXECUTE OFFLINE Memory Corruption Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-66932
QEMU IDE SMART Out of Bounds Local Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
qemu-cve20142894-code-exec(92663)

Source: CCN
Type: Qemu-devel
ide: Correct improper smart self test count

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-2894

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20142894	V	CVE-2014-2894	2022-05-20
oval:org.opensuse.security:def:31720	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:32244	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:36168	P	kvm-1.4.2-30.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:42575	P	kvm-1.4.2-30.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26059	P	Security update for postgresql12 (Moderate)	2021-05-27
oval:org.opensuse.security:def:32088	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:33092	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:31635	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:32001	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27131	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32349	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:25717	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32410	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26347	P	Security update for jq (Low)	2020-12-01
oval:org.opensuse.security:def:31944	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:25729	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:26435	P	Security update for znc (Low)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26493	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:32300	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27166	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:26294	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:31852	P	Recommended udpate for SUSE Manager Client Tools (Low)	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:32454	P	Security update for xorg-x11-libICE (Moderate)	2020-12-01
oval:org.opensuse.security:def:26396	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:33131	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26449	P	Security update for nginx (Moderate)	2020-12-01
oval:org.mitre.oval:def:27247	P	ELSA-2014-0704 -- qemu-kvm security and bug fix update (moderate)	2015-02-23
oval:org.mitre.oval:def:25804	P	SUSE-SU-2014:0816-1 -- Security update for KVM	2014-09-15
oval:org.mitre.oval:def:25072	P	RHSA-2014:0704: qemu-kvm security and bug fix update (Moderate)	2014-09-08
oval:org.mitre.oval:def:24919	P	ELSA-2014:0743: qemu-kvm security and bug fix update (Moderate)	2014-09-01
oval:org.mitre.oval:def:25125	P	RHSA-2014:0743: qemu-kvm security and bug fix update (Moderate)	2014-08-18
oval:org.mitre.oval:def:24016	P	USN-2182-1 -- qemu, qemu-kvm vulnerabilities	2014-07-21
oval:com.redhat.rhsa:def:20140704	P	RHSA-2014:0704: qemu-kvm security and bug fix update (Moderate)	2014-06-10
oval:com.redhat.rhsa:def:20140743	P	RHSA-2014:0743: qemu-kvm security and bug fix update (Moderate)	2014-06-10
oval:com.ubuntu.precise:def:20142894000	V	CVE-2014-2894 on Ubuntu 12.04 LTS (precise) - medium.	2014-04-23
oval:com.ubuntu.trusty:def:20142894000	V	CVE-2014-2894 on Ubuntu 14.04 LTS (trusty) - medium.	2014-04-23

BACK