QEMU 'arch _ init. c' Local Memory Corruption Vulnerability
Release date:
Updated on:
Affected Systems:
QEMU
Description:
Bugtraq id: 71658
CVE (CAN) ID: CVE-2014-7840
QEMU is an open source simulator software.
When RAM is loaded during QEMU migration, the host_from_stream_offset function of arch_init.c has the Local Memory Corruption Vulnerability. Remote attackers can execute arbitrary code by using the offset or length value in the savevm data.
<* Source: Michael S. Tsirkin
Link: http://xforce.iss.net/xforce/xfdb/99194
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.qemu.org /? P = qemu. git; a = commit; h = 0be839a2701369f669532ea5884c15bead1c6e08
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1163075
Ubuntu 12.04 cannot find the Qemu command
Install QEMU + efi bios on Arch Linux
QEMU translation framework and debugging tools
QEMU code analysis: BIOS loading process
QEMU details: click here
QEMU: click here
This article permanently updates the link address: