PT-2014-3498 · Qemu+5

Published: 2014-03-26 · Updated: 2024-06-15 · CVE-2014-0143

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

QEMU versions prior to 2.0.0

Description

The issue is related to multiple integer overflows in the block drivers of QEMU. A local user can trigger these overflows in several ways: a crafted catalog size in the parallels_open function or the bochs_open function, a large L1 table in the qcow2_snapshot_load_tmp function or the qcow2_grow_l1_table function, a large request in the bdrv_check_byte_request function, crafted cluster indexes in the get_refcount function, or a large number of blocks in the cloop_open function. This can lead to a denial of service (crash) due to buffer overflows, memory corruption, large memory allocations, and out-of-bounds reads and writes.

Recommendations

For QEMU versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the block drivers to minimize the risk of exploitation. Avoid using the parallels_open and bochs_open functions with crafted catalog sizes, and limit the size of L1 tables in the qcow2_snapshot_load_tmp and qcow2_grow_l1_table functions. Additionally, restrict large requests in the bdrv_check_byte_request function and crafted cluster indexes in the get_refcount function.
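The overflow class described above, next to the bounds checks that prevent it, as an added example that is not QEMU's code and not part of the original advisory. The entry size, the table size cap, and all function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout and limits for illustration; not QEMU's definitions. */
#define ENTRY_SIZE      4u                    /* bytes per table entry */
#define MAX_TABLE_BYTES (32u * 1024u * 1024u) /* policy cap on one table */

/* Read a little-endian 32-bit count from an untrusted image header. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so the
 * allocation is far smaller than the entry count later used for indexing. */
static uint32_t table_bytes_unchecked(uint32_t entries) {
    return entries * ENTRY_SIZE;
}

/* Checked pattern: bound the count before multiplying.
 * Returns 0 and sets *bytes on success, -1 if the header is rejected. */
static int table_bytes_checked(uint32_t entries, size_t *bytes) {
    if (entries == 0 || entries > MAX_TABLE_BYTES / ENTRY_SIZE)
        return -1;
    *bytes = (size_t)entries * ENTRY_SIZE;
    return 0;
}

/* Request check: offset + len must not wrap and must stay inside the image. */
static int request_ok(uint64_t offset, uint64_t len, uint64_t image_size) {
    if (offset > image_size)
        return 0;
    return len <= image_size - offset;   /* subtraction cannot underflow */
}

int main(void) {
    /* Constructed header field: count 0x40000001 in little-endian. */
    const uint8_t hdr[4] = { 0x01, 0x00, 0x00, 0x40 };
    uint32_t n = le32(hdr);
    size_t bytes = 0;
    printf("entries=%u unchecked=%u checked=%d\n", (unsigned)n,
           (unsigned)table_bytes_unchecked(n), table_bytes_checked(n, &bytes));
    printf("wrapping request accepted=%d\n",
           request_ok(UINT64_MAX - 1, 16, 1u << 20));
    return 0;
}
```

The checked variants reject the input before any allocation or I/O happens, which is the point at which an image parser should fail on an implausible header.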

Fix

DoS

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1526
CESA-2014_0420
CVE-2014-0143
DSA-3044-1
DSA-3045-1
MGASA-2014-0426
OPENSUSE-SU-2024:10233-1
RHSA-2014:0420
RHSA-2014:0421
RHSA-2014:0434
RHSA-2014:0435
RHSA-2014:0674
RHSA-2014_0420
SUSE-SU-2015:0870-1
SUSE-SU-2015:0889-1
SUSE-SU-2015:1152-1
USN-2342-1

Affected Products

Alt Linux
Centos
Qemu
Red Hat
Suse
Ubuntu