CVE-2014-0150

EPSS 0.47%

qemu-kvm - security update

Published: 4/18/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-0150

Description

Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

Affected packages (3)

Debian/qemufrom 0, < 1.7.0+dfsg-8
Debian/qemufrom 0, < 0.12.5+dfsg-3squeeze4
Debian/qemu-kvmfrom 0, < 0.12.5+dfsg-5+squeeze11

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0150