Off-by-one error in ACPI PCI hotplug interface allows memory corruption and information disclosure

Off-by-one error in ACPI PCI hotplug interface allows memory corruption and information disclosure

CVE-2014-5388 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

Learn more about our User Device Pen Test.