CVSS Score v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0012
30.2th percentile
Risk Priority
11
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2014-0148 is a medium-severity Infinite Loop (CWE-835) vulnerability in Qemu. Its CVSS base score is 5.5 (Medium).
Operationally, it is ranked at the 30.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Vulnerability details
The Qemu block driver for Hyper-V VHDX images, in versions before 2.0, is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for the block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance, resulting in DoS.
CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
redhat · virtualization · 3.0
redhat · enterprise linux desktop · 6.0
redhat · enterprise linux eus · 6.5
redhat · enterprise linux openstack platform · 5
redhat · enterprise linux server · 6.0
redhat · enterprise linux server aus · 6.5
redhat · enterprise linux server tus · 6.5
redhat · enterprise linux workstation · 6.0
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Enables transfer to alternate site if an infinite loop at the primary renders processing unavailable.
Detects and mitigates infinite loops that produce sustained resource consumption.