CVE-2014-3471
CVSS: 2.1
Published: 2018-01-12 12:29:00
Last modified: 2018-01-31 09:51:49

[Original] Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.


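[CNNVD] QEMU denial-of-service vulnerability (CNNVD-201406-678)

QEMU is a processor emulator developed by the French programmer Fabrice Bellard. The software is fast and cross-platform.

A denial-of-service vulnerability exists in QEMU. An attacker can exploit this vulnerability to cause a denial of service.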

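- CVSS (base score)

CVSS score: 2.1 [Minor (LOW)]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploiting the vulnerability]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-416 [Use After Free]

- CPE (affected platforms and products)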

cpe:/a:qemu:qemu:2.1.2
cpe:/a:qemu:qemu:2.1.2:r1

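- OVAL (technical details for detection)

oval:org.mitre.oval:def:26768  USN-2342-1 -- qemu, qemu-kvm vulnerabilities
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.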

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3471
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3471
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201406-678
(official data source) CNNVD

- Other links and resources

http://security.gentoo.org/glsa/glsa-201412-01.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-201412-01
http://www.openwall.com/lists/oss-security/2014/06/23/4
(VENDOR_ADVISORY)  MLIST  [oss-security] 20140623 CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest
http://www.securityfocus.com/bid/68145
(VENDOR_ADVISORY)  BID  68145
https://bugzilla.redhat.com/show_bug.cgi?id=1112271
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=1112271
https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
(VENDOR_ADVISORY)  MLIST  [qemu-devel] 20140623 [PATCH v2 3/3] hw/pcie: better hotplug/hotunplug support

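- Vulnerability information

QEMU denial-of-service vulnerability
2014-06-30 00:00:00 2014-06-30 00:00:00
Remote

QEMU is a processor emulator developed by the French programmer Fabrice Bellard. The software is fast and cross-platform.

A denial-of-service vulnerability exists in QEMU. An attacker can exploit this vulnerability to cause a denial of service.

- Advisories and patches

The vendor has released an upgrade patch that fixes this security issue. For details, see the vendor's homepage:
http://wiki.qemu.org/Index.html

- Vulnerability information (F129422)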

Gentoo Linux Security Advisory 201412-01 (PacketStormID:F129422)
2014-12-08 00:00:00
Gentoo  security.gentoo.org
advisory,denial of service,vulnerability
linux,gentoo
CVE-2014-3471,CVE-2014-3615,CVE-2014-3640,CVE-2014-5263,CVE-2014-5388,CVE-2014-7815

Gentoo Linux Security Advisory 201412-1 - Multiple vulnerabilities have been found in QEMU, the worst of which allows context dependent attackers to cause Denial of Service. Versions less than 2.1.2-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: QEMU: Multiple Vulnerabilities
     Date: December 08, 2014
     Bugs: #514680, #519506, #520688, #522364, #523428, #527088
       ID: 201412-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in QEMU, the worst of which
allows context dependent attackers to cause Denial of Service.

Background
==========

QEMU is a generic and open source machine emulator and virtualizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/qemu          < 2.1.2-r1               >= 2.1.2-r1

Description
===========

Multiple vulnerabilities have been discovered in QEMU. Please review
the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could cause a Denial of Service condition
and a local user can obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.1.2-r1"

References
==========

[ 1 ] CVE-2014-3471
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3471
[ 2 ] CVE-2014-3615
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3615
[ 3 ] CVE-2014-3640
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3640
[ 4 ] CVE-2014-5263
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5263
[ 5 ] CVE-2014-5388
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5388
[ 6 ] CVE-2014-7815
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7815

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201412-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

    

- Vulnerability information

QEMU CVE-2014-3471 Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 68145
Yes No
2014-06-23 12:00:00 2014-12-09 08:54:00
The vendor reported this issue.

- Affected program versions

Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
QEMU QEMU 0
Gentoo Linux

- Vulnerability discussion

QEMU is prone to a denial-of-service vulnerability.

Successful exploits may allow an attacker to cause a denial-of-service condition.

- Exploit

An attacker can exploit this issue by using readily available utilities.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
