CVE-2014-0150
qemu-kvm - security update
EPSS 0.47%
Description
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
How to fix CVE-2014-0150
To remediate CVE-2014-0150, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 1.7.0+dfsg-8 or later
- Debian/qemu—upgrade to 0.12.5+dfsg-3squeeze4 or later
- Debian/qemu-kvm—upgrade to 0.12.5+dfsg-5+squeeze11 or later
Is CVE-2014-0150 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.7.0+dfsg-8
- from 0, < 0.12.5+dfsg-3squeeze4
- from 0, < 0.12.5+dfsg-5+squeeze11