CVE-2014-5388

Publication date 26 August 2014

Last updated 24 July 2024

Description

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	14.10 utopic	Fixed 2.1+dfsg-3ubuntu4
	14.04 LTS trusty	Fixed 2.0.0+dfsg-2ubuntu1.7
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
qemu-kvm	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

Notes

mdeslaur

introduced in 1.7.x by http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=fa365d7cd11185237471823a5a33d36765454e16

References

Related Ubuntu Security Notices (USN)

USN-2409-1
QEMU vulnerabilities
13 November 2014