{"id":"USN-2342-1","summary":"qemu, qemu-kvm vulnerabilities","details":"Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple\nissues with QEMU state loading after migration. An attacker able to modify\nthe state data could use these issues to cause a denial of service, or\npossibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149,\nCVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529,\nCVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,\nCVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,\nCVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182,\nCVE-2014-3461)\n\nKevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and\nothers discovered multiple issues in the QEMU block drivers. An attacker\nable to modify disk images could use these issues to cause a denial of\nservice, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143,\nCVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222,\nCVE-2014-0223)\n\nIt was discovered that QEMU incorrectly handled certain PCIe bus hotplug\noperations. A malicious guest could use this issue to crash the QEMU host,\nresulting in a denial of service. (CVE-2014-3471)\n","modified":"2026-02-10T04:40:50Z","published":"2014-09-08T17:35:27Z","related":["UBUNTU-CVE-2013-4148","UBUNTU-CVE-2013-4149","UBUNTU-CVE-2013-4150","UBUNTU-CVE-2013-4151","UBUNTU-CVE-2013-4526","UBUNTU-CVE-2013-4527","UBUNTU-CVE-2013-4529","UBUNTU-CVE-2013-4530","UBUNTU-CVE-2013-4531","UBUNTU-CVE-2013-4532","UBUNTU-CVE-2013-4533","UBUNTU-CVE-2013-4534","UBUNTU-CVE-2013-4535","UBUNTU-CVE-2013-4536","UBUNTU-CVE-2013-4537","UBUNTU-CVE-2013-4538","UBUNTU-CVE-2013-4539","UBUNTU-CVE-2013-4540","UBUNTU-CVE-2013-4541","UBUNTU-CVE-2013-4542","UBUNTU-CVE-2013-6399","UBUNTU-CVE-2014-0182","UBUNTU-CVE-2014-0222","UBUNTU-CVE-2014-0223","UBUNTU-CVE-2014-3461","UBUNTU-CVE-2014-3471"],"upstream":["CVE-2013-4148","CVE-2013-4149","CVE-2013-4150","CVE-2013-4151","CVE-2013-4526","CVE-2013-4527","CVE-2013-4529","CVE-2013-4530","CVE-2013-4531","CVE-2013-4532","CVE-2013-4533","CVE-2013-4534","CVE-2013-4535","CVE-2013-4536","CVE-2013-4537","CVE-2013-4538","CVE-2013-4539","CVE-2013-4540","CVE-2013-4541","CVE-2013-4542","CVE-2013-6399","CVE-2014-0142","CVE-2014-0143","CVE-2014-0144","CVE-2014-0145","CVE-2014-0146","CVE-2014-0147","CVE-2014-0182","CVE-2014-0222","CVE-2014-0223","CVE-2014-3461","CVE-2014-3471","UBUNTU-CVE-2013-4148","UBUNTU-CVE-2013-4149","UBUNTU-CVE-2013-4150","UBUNTU-CVE-2013-4151","UBUNTU-CVE-2013-4526","UBUNTU-CVE-2013-4527","UBUNTU-CVE-2013-4529","UBUNTU-CVE-2013-4530","UBUNTU-CVE-2013-4531","UBUNTU-CVE-2013-4532","UBUNTU-CVE-2013-4533","UBUNTU-CVE-2013-4534","UBUNTU-CVE-2013-4535","UBUNTU-CVE-2013-4536","UBUNTU-CVE-2013-4537","UBUNTU-CVE-2013-4538","UBUNTU-CVE-2013-4539","UBUNTU-CVE-2013-4540","UBUNTU-CVE-2013-4541","UBUNTU-CVE-2013-4542","UBUNTU-CVE-2013-6399","UBUNTU-CVE-2014-0142","UBUNTU-CVE-2014-0143","UBUNTU-CVE-2014-0144","UBUNTU-CVE-2014-0145","UBUNTU-CVE-2014-0146","UBUNTU-CVE-2014-0147","UBUNTU-CVE-2014-0182","UBUNTU-CVE-2014-0222","UBUNTU-CVE-2014-0223","UBUNTU-CVE-2014-3461","UBUNTU-CVE-2014-3471"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2342-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4148"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4149"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4150"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4151"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4526"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4527"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4529"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4530"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4531"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4532"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4533"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4534"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4535"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4536"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4537"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4538"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4539"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4540"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4541"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4542"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-6399"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0142"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0143"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0144"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0145"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0146"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0147"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0182"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0222"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0223"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3461"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3471"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.3"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-guest-agent"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-keymaps"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-kvm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-aarch64"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-arm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-mips"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-misc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-ppc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-sparc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-system-x86"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-user"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-user-static"},{"binary_version":"2.0.0+dfsg-2ubuntu1.3","binary_name":"qemu-utils"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2013-4148","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4149","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4150","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4151","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4526","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4527","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4529","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4530","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4531","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4532","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4533","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4534","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4535","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4536","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4537","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4538","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4539","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4540","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4541","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-4542","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2013-6399","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-0182","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-0222","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-0223","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-3461","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-3471","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2342-1.json"}}],"schema_version":"1.7.3"}