PT-2014-1867 · Qemu+5 · Qemu+8

Laszlo Ersek

Published

2014-10-20

Updated

2020-08-11

CVE-2014-3615

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libcacard-devel versions 1.5.3 libcacard versions 1.5.3 libcacard-tools versions 1.5.3 QEMU (affected versions not specified)

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. In QEMU, the VGA emulator allows local guest users to read host memory by setting the display to a high resolution.

Recommendations For libcacard-devel version 1.5.3, update to a version that contains a fix for this issue. For libcacard version 1.5.3, update to a version that contains a fix for this issue. For libcacard-tools version 1.5.3, update to a version that contains a fix for this issue. For QEMU, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2014-2465

BDU:2015-07328

BDU:2015-07329

BDU:2015-07330

CESA-2014_1669

CVE-2014-3615

DSA-3044-1

DSA-3045-1

MGASA-2014-0426

OPENSUSE-SU-2015_0732-1

OPENSUSE-SU-2015_1092-1

OPENSUSE-SU-2016_2494-1

OPENSUSE-SU-2016_2497-1

RHSA-2014:1669

RHSA-2014:1670

RHSA-2014:1941

RHSA-2014_1669

SUSE-SU-2015:0613-1

SUSE-SU-2015_0613-1

SUSE-SU-2016:1560-1

SUSE-SU-2016:1698-1

SUSE-SU-2016:1785-1

SUSE-SU-2016:2528-1

SUSE-SU-2016:2533-1

SUSE-SU-2016:2725-1

SUSE-SU-2016_1560-1

SUSE-SU-2016_1698-1

SUSE-SU-2016_1785-1

SUSE-SU-2016_2528-1

SUSE-SU-2016_2533-1

SUSE-SU-2016_2725-1

USN-2409-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

Libcacard

Libcacard-Devel

Libcacard-Tools

PT-2014-1867 · Qemu+5 · Qemu+8

CVE-2014-3615

Weakness Enumeration

Related Identifiers

Affected Products

References · 422