
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2014-0144 affects QEMU block drivers for CLOOP, QCOW2 version 2, and various other image formats in versions before 2.0.0. The vulnerability was discovered by multiple Red Hat researchers including Fam Zheng, Jeff Cody, Kevin Wolf, and Stefan Hajnoczi (CVE Details, Red Hat Bugzilla).
The vulnerability stems from missing input validation in various QEMU block drivers, which could lead to memory corruption, integer or buffer overflows, or system crashes. The unvalidated fields include QCOW2 version 2's active L1 table offset and size, snapshot table offset and size, refcount table size, backing file offset, and header length; there are also validation issues in the curl, VDI, VPC/VHD, and CLOOP image format drivers (Red Hat Bugzilla).
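The kind of bounds checking the QCOW2 fields listed above call for can be sketched as a pre-flight check on an untrusted image header. This is an added example, not QEMU's code or the upstream patches. The field layout follows the published qcow2 format specification; the function name, the two size caps and the sample headers are assumptions made for the example.

```python
import struct

# Fixed 72-byte qcow2 header, big-endian (field order per the qcow2 format spec).
HDR = struct.Struct(">4sIQIIQIIQQIIQ")
MAX_TABLE_BYTES = 32 << 20   # cap chosen for this example
MAX_SNAPSHOTS = 65536        # cap chosen for this example

def check_qcow2_header(buf, file_size):
    """Return a list of problems in the header fields; an empty list means none found."""
    if len(buf) < HDR.size:
        return ["shorter than the 72-byte header"]
    (magic, version, back_off, back_len, cluster_bits, _size, _crypt,
     l1_size, l1_off, rc_off, rc_clusters, nb_snap, snap_off) = HDR.unpack_from(buf)
    if magic != b"QFI\xfb" or version not in (2, 3):
        return ["not a qcow2 version 2 or 3 header"]
    if not 9 <= cluster_bits <= 21:
        return ["cluster_bits outside 9..21"]
    cluster = 1 << cluster_bits
    problems = []

    def table(name, off, nbytes):
        # A table must start on a cluster boundary and lie wholly inside the file.
        if off % cluster:
            problems.append(name + " offset is not cluster-aligned")
        if nbytes > MAX_TABLE_BYTES:
            problems.append(name + " size exceeds cap")
        elif off + nbytes > file_size:
            problems.append(name + " extends past end of file")

    table("L1 table", l1_off, l1_size * 8)               # 8-byte entries
    table("refcount table", rc_off, rc_clusters * cluster)
    if nb_snap > MAX_SNAPSHOTS:
        problems.append("too many snapshots")
    elif nb_snap:
        table("snapshot table", snap_off, nb_snap * 40)  # >= 40 bytes per entry
    if back_off and (back_len > 1023 or back_off + back_len > cluster):
        problems.append("backing file name outside first cluster or too long")
    if version == 3:
        # header_length is a 32-bit field at byte 100 of the version 3 header
        hlen = struct.unpack_from(">I", buf, 100)[0] if len(buf) >= 104 else 0
        if not 104 <= hlen <= cluster:
            problems.append("header_length outside 104..cluster size")
    return problems

# Constructed sample headers: 64 KiB clusters, image file of four clusters.
GOOD = HDR.pack(b"QFI\xfb", 2, 0, 0, 16, 1 << 30, 0, 1, 3 << 16, 1 << 16, 1, 0, 0)
BAD = HDR.pack(b"QFI\xfb", 2, 0, 0, 16, 1 << 30, 0, 0x10000000, 3 << 16, 1 << 16, 1, 1, 0x1234)

if __name__ == "__main__":
    print(check_qcow2_header(GOOD, 4 << 16), check_qcow2_header(BAD, 4 << 16))
```

A check like this only screens images before they reach the hypervisor; it does not replace the updated QEMU packages.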
An attacker with the ability to modify disk image files loaded by a guest could exploit this vulnerability to crash the guest, corrupt QEMU process memory on the host, or potentially execute arbitrary code on the host with the privileges of the QEMU process (Red Hat Advisory).
Red Hat has released security updates to address this vulnerability in their Enterprise Linux 6 systems. Users are advised to upgrade to the updated packages. After installing the update, all running virtual machines must be shut down and restarted for the fix to take effect (Red Hat Advisory).
Source: This report was generated using AI