CVE-2014-5263
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.
vmstate_xhci_event en hw/usb/hcd-xhci.c en QEMU 1.6.0 no termina la lista con la macro VMSTATE_END_OF_LIST, lo que permite a atacantes causar una denegación de servicio (acceso fuera de rango, bucle infinito, y corrupción de memoria) y posiblemente ganar privilegios a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-08-15 CVE Reserved
- 2014-08-26 CVE Published
- 2024-05-22 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3afca1d6d413592c2b78cf28f52fa24a586d8f56 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2014/08/16/1 | Mailing List |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1126543 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/08/04/1 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2409-1 | 2023-11-07 |