CVEs-PoC/2014/CVE-2014-0148.md

### [CVE-2014-0148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0148)
![](https://img.shields.io/static/v1?label=Product&message=Qemu&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%202.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2014-0148