Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 507790 (CVE-2014-2894)

Summary: <app-emulation/qemu-2.0.0: out of bounds buffer accesses, guest triggerable via IDE SMART (CVE-2014-2894)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: cardoe, qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 507796    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2014-04-16 07:45:54 UTC
From ${URL} :

An out of bounds memory access flaw was found in Qemu's IDE device model.
It leads to Qemu's memory corruption via buffer overwrite(4 bytes). It occurs
while executing IDE SMART commands.

A user on guest could use this flaw to corrupt Qemu process's memory on the

Upstream fix:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 SpanKY gentoo-dev 2014-05-06 18:27:43 UTC
ok, but that's in qemu-2.0.0 already
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-05-07 20:15:08 UTC
There was a comment on the mailing list about earlier stable branches:

> Should also be fixed in the stable branch of earlier releases. The bug
> is present since SMART emulation was added in 2009.

Can the Maintainers confirm if this is vulnerable in previous versions?
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:31:04 UTC
This issue was resolved and addressed in
 GLSA 201408-17 at
by GLSA coordinator Kristian Fiskerstrand (K_F).