{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"}, {"name": "RHSA-2015:0795", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"}, {"name": "RHSA-2015:0624", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"}, {"name": "FEDORA-2015-5482", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"}, {"name": "RHSA-2015:0891", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"}, {"name": "71477", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71477"}, {"name": "RHSA-2015:0643", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"}, {"name": "qemu-cve20148106-sec-bypass(99126)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"}, {"name": "60364", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60364"}, {"name": "RHSA-2015:0349", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"}, {"name": "RHSA-2015:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"}, {"name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"}, {"name": "DSA-3088", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3088"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX200892"}, {"name": "DSA-3087", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3087"}, {"name": "RHSA-2015:0867", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:50.632Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"}, {"name": "RHSA-2015:0795", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"}, {"name": "RHSA-2015:0624", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"}, {"name": "FEDORA-2015-5482", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"}, {"name": "RHSA-2015:0891", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"}, {"name": "71477", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71477"}, {"name": "RHSA-2015:0643", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"}, {"name": "qemu-cve20148106-sec-bypass(99126)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"}, {"name": "60364", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60364"}, {"name": "RHSA-2015:0349", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"}, {"name": "RHSA-2015:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"}, {"name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"}, {"name": "DSA-3088", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3088"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX200892"}, {"name": "DSA-3087", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3087"}, {"name": "RHSA-2015:0867", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8106", "datePublished": "2014-12-08T16:00:00.000Z", "dateReserved": "2014-10-10T00:00:00.000Z", "dateUpdated": "2024-08-06T13:10:50.632Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B61730A-98E3-4FE5-BAEB-5254AC84F52F", "versionEndIncluding": "2.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el emulador Cirrus VGA (hw/display/cirrus_vga.c) en QEMU anterior a 2.2.0 permite a usuarios locales invotados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con las regiones blit. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2007-1320."}], "id": "CVE-2014-8106", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-08T16:59:01.370", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"}, {"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"}, {"source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60364"}, {"source": "secalert@redhat.com", "url": "http://support.citrix.com/article/CTX200892"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2014/dsa-3087"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2014/dsa-3088"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71477"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.citrix.com/article/CTX200892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2014/dsa-3087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2014/dsa-3088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Paolo Bonzini (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0891", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.2", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2015-04-28T00:00:00Z"}, {"advisory": "RHSA-2015:0867", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.448.el6_6.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-21T00:00:00Z"}, {"advisory": "RHSA-2015:0349", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-86.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0891", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.2", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-04-28T00:00:00Z"}, {"advisory": "RHSA-2015:0795", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "qemu-kvm-rhev-10:2.1.2-23.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-04-09T00:00:00Z"}, {"advisory": "RHSA-2015:0643", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "qemu-kvm-rhev-10:2.1.2-23.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0868", "cpe": "cpe:/a:redhat:enterprise_linux:6::hypervisor", "package": "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.2", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2015-04-21T00:00:00Z"}, {"advisory": "RHSA-2015:0624", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.1.2-23.el7", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "qemu: cirrus: insufficient blit region checks", "id": "1169454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169454"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-20->CWE-119", "details": ["Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.", "It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data."], "name": "CVE-2014-8106", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8106\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8106"], "statement": "This issue affects the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, a future update may address this flaw.\nThis issue affects the kvm packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Important"}

{}