CVE-2014-3615

Description

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

CVSS Metrics

• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• canonical•ubuntu_linux

  10.04 | 12.04 | 14.04 | 14.10

• debian•debian_linux

  7.0

• opensuse•opensuse

  13.1

• qemu•qemu

  ≤ 2.1.3

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_eus

  7.3 | 7.4 | 7.5 | 7.6 | 7.7

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.3 | 7.4 | 7.6 | 7.7

• redhat•enterprise_linux_server_tus

  7.3 | 7.6 | 7.7

• redhat•enterprise_linux_workstation

  7.0

• redhat•openstack

  5.0

• redhat•virtualization

  3.0

References (12)

• http://www.securityfocus.com/bid/69654
• https://bugzilla.redhat.com/show_bug.cgi?id=1139115
• http://rhn.redhat.com/errata/RHSA-2014-1941.html
• http://rhn.redhat.com/errata/RHSA-2014-1669.html
• http://www.debian.org/security/2014/dsa-3044
• http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7
• http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
• http://rhn.redhat.com/errata/RHSA-2014-1670.html
• http://secunia.com/advisories/61829
• http://support.citrix.com/article/CTX200892
• http://www.ubuntu.com/usn/USN-2409-1