SUSE-SU-2015:0349-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2014-7840 CVE-2014-8106

Published: 10 Feb 2015, 19:17

Last modified:04 Feb 2026, 03:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Feb 2015, 19:17

Published

Vulnerability first disclosed

04 Feb 2026, 03:26

Last Modified

Vulnerability information updated

Description

Security update for qemu QEMU was updated to fix various bugs and security issues. Following security issues were fixed: CVE-2014-8106: Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU allowed local guest users to execute arbitrary code via vectors related to blit regions. CVE-2014-7840: The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allowed remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. Also a bug was fixed where qemu-img convert could occasionaly corrupt images. (bsc#908380)

Affected Systems

suse•qemu&distro=SUSE Linux Enterprise Desktop 12
< 2.0.2-42.1
suse•qemu&distro=SUSE Linux Enterprise Server 12
< 2.0.2-42.1
suse•qemu&distro=SUSE Linux Enterprise Server for SAP Applications 12
< 2.0.2-42.1

SUSE-SU-2015:0349-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)