Launchpad CVE tracker

CVE 2014-8106

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

Related bugs and status

CVE-2014-8106 (Candidate) is related to these bugs:

Bug #1400775: CVE-2014-8106 insufficient blit region check

		In	Importance	Status
1400775	CVE-2014-8106 insufficient blit region check	qemu (Ubuntu)	Undecided	Fix Released
1400775	CVE-2014-8106 insufficient blit region check	qemu (Ubuntu Lucid)	Undecided	Invalid
1400775	CVE-2014-8106 insufficient blit region check	qemu (Ubuntu Utopic)	Undecided	Fix Released
1400775	CVE-2014-8106 insufficient blit region check	qemu (Ubuntu Precise)	Undecided	Invalid
1400775	CVE-2014-8106 insufficient blit region check	qemu (Ubuntu Vivid)	Undecided	Fix Released
1400775	CVE-2014-8106 insufficient blit region check	qemu (Ubuntu Trusty)	Undecided	Fix Released
1400775	CVE-2014-8106 insufficient blit region check	qemu-kvm (Ubuntu)	Undecided	Invalid
1400775	CVE-2014-8106 insufficient blit region check	qemu-kvm (Ubuntu Lucid)	Undecided	Fix Released
1400775	CVE-2014-8106 insufficient blit region check	qemu-kvm (Ubuntu Precise)	Undecided	Fix Released
1400775	CVE-2014-8106 insufficient blit region check	qemu-kvm (Ubuntu Trusty)	Undecided	Invalid
1400775	CVE-2014-8106 insufficient blit region check	qemu-kvm (Ubuntu Utopic)	Undecided	Invalid
1400775	CVE-2014-8106 insufficient blit region check	qemu-kvm (Ubuntu Vivid)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-8106

References