CVE-2014-7840
Find out more about CVE-2014-7840 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue affects the qemu-kvm packages as shipped with Red Hat Enterprise
Linux 5, 6 and 7. Future updates for the respective releases may address this
issue.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and
maintenance life cycle. This has been rated as having Moderate security impact
and is not currently planned to be addressed in future updates. For additional
information, refer to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.
CVSS v2 metrics
| Base Score | 3.7 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2015:0624 | 2015-03-05 |
| Red Hat Enterprise Linux 7 (qemu-kvm) | RHSA-2015:0349 | 2015-03-05 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux 6 | qemu-kvm | Will not fix |
| Red Hat Enterprise Linux 5 | kvm | Fix deferred |