Buffer underflow and memory corruption vulnerability in QEMU's cmd_smart function in hw/ide/core.c

Buffer underflow and memory corruption vulnerability in QEMU's cmd_smart function in hw/ide/core.c

CVE-2014-2894 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

Learn more about our User Device Pen Test.