CVE-2014-7840
EPSS 2.5%
Description
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
How to fix CVE-2014-7840
To remediate CVE-2014-7840, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 2.1+dfsg-8 or later
Is CVE-2014-7840 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.1+dfsg-8