CVE-2014-3689

Publication date 17 October 2014

Last updated 24 July 2024

Ubuntu priority

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	14.10 utopic	Fixed 2.1+dfsg-4ubuntu6.1
	14.04 LTS trusty	Fixed 2.0.0+dfsg-2ubuntu1.7
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
qemu-kvm	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Fixed 1.0+noroms-0ubuntu14.19
	10.04 LTS lucid	Fixed 0.12.3+noroms-0ubuntu9.25

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Proposed: http://thread.gmane.org/gmane.comp.emulators.qemu/301713 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=07258900fd45b646f5b69048d64c4490b3243e1b Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=1735fe1edba9cc86bc0f26937ed5a62d3cb47c9c Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=61b41b4c20eba08d2185297767e69153d7f3e09d Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=bd9ccd8517e83b7c33a9167815dbfffb30d70b13

Package

Patch details

qemu

Proposed: http://thread.gmane.org/gmane.comp.emulators.qemu/301713
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=07258900fd45b646f5b69048d64c4490b3243e1b
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=1735fe1edba9cc86bc0f26937ed5a62d3cb47c9c
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=61b41b4c20eba08d2185297767e69153d7f3e09d
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=bd9ccd8517e83b7c33a9167815dbfffb30d70b13

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2409-1
QEMU vulnerabilities
13 November 2014

Other references

https://www.cve.org/CVERecord?id=CVE-2014-3689