VIR Vulnerability Intelligence Relay

CVE-2014-3615

low
Published 2014-11-01 · Modified 2026-05-06
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-3615

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1139115

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2014-3615.html

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debian7.0affected
suse suse13.1affected
ubuntu ubuntu10.04affected
ubuntu ubuntu12.04affected
ubuntu ubuntu14.04affected
ubuntu ubuntu14.10affected
redhat rhel7.0affected
redhat rhel7.3affected
redhat rhel7.4affected
redhat rhel7.5affected
redhat rhel7.6affected
redhat rhel7.7affected
debian debianbookwormfixed2.1+dfsg-5
debian debianbullseyefixed2.1+dfsg-5
debian debianforkyfixed2.1+dfsg-5
debian debiansidfixed2.1+dfsg-5
debian debiantrixiefixed2.1+dfsg-5

Application impact
VendorProductVersionsFixed
qemuqemu{"endIncluding":"2.1.3"}
redhat redhatopenstack5.0
redhat redhatvirtualization3.0

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.