CVE-2014-8106 insufficient blit region check
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| qemu (Ubuntu) |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
| Lucid |
Invalid
|
Undecided
|
Unassigned | ||
| Precise |
Invalid
|
Undecided
|
Unassigned | ||
| Trusty |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
| Utopic |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
| Vivid |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
| qemu-kvm (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Lucid |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
| Precise |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
| Trusty |
Invalid
|
Undecided
|
Unassigned | ||
| Utopic |
Invalid
|
Undecided
|
Unassigned | ||
| Vivid |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
The following references describe an insufficient blit region check issue in qemu:
https:/
https:/
This vulnerability potentially allows root within a guest to perform a denial of service and perhaps execute arbitrary code with the privileges of the qemu host process.
Fixes upstream appear to be:
http://
http://
I am using the following, but believe this vulnerability exists in (at least) T, U and V. It may exist in P or L (unchecked).
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
| Alex Bligh (ubuntu-alex-org) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in qemu (Ubuntu Lucid): | |
| status: | New → Confirmed |
| Changed in qemu (Ubuntu Precise): | |
| status: | New → Confirmed |
| Changed in qemu (Ubuntu Trusty): | |
| status: | New → Confirmed |
| Changed in qemu (Ubuntu Utopic): | |
| status: | New → Confirmed |
| Changed in qemu (Ubuntu Vivid): | |
| status: | New → Confirmed |
| Changed in qemu (Ubuntu Lucid): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in qemu (Ubuntu Precise): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in qemu (Ubuntu Trusty): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in qemu (Ubuntu Utopic): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in qemu (Ubuntu Vivid): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in qemu-kvm (Ubuntu Trusty): | |
| status: | New → Invalid |
| Changed in qemu-kvm (Ubuntu Utopic): | |
| status: | New → Invalid |
| Changed in qemu-kvm (Ubuntu Vivid): | |
| status: | New → Invalid |
| Changed in qemu (Ubuntu Lucid): | |
| assignee: | Marc Deslauriers (mdeslaur) → nobody |
| status: | Confirmed → Invalid |
| Changed in qemu (Ubuntu Precise): | |
| assignee: | Marc Deslauriers (mdeslaur) → nobody |
| status: | Confirmed → Invalid |
| Changed in qemu-kvm (Ubuntu Lucid): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| status: | New → Confirmed |
| Changed in qemu-kvm (Ubuntu Precise): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| status: | New → Confirmed |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in qemu (Ubuntu Utopic): | |
| status: | Confirmed → Fix Released |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in qemu-kvm (Ubuntu Lucid): | |
| status: | Confirmed → Fix Released |
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in qemu (Ubuntu Trusty): | |
| status: | Confirmed → Fix Released |
| Launchpad Janitor (janitor) wrote | #5 |
| Changed in qemu-kvm (Ubuntu Precise): | |
| status: | Confirmed → Fix Released |
| Launchpad Janitor (janitor) wrote | #6 |
| Changed in qemu (Ubuntu Vivid): | |
| status: | Confirmed → Fix Released |
Made this public as the links to which it refers are public.