Vulnerability CVE-2013-4344: Information
Description
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
Severity: HIGH (7.2)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
qemu | sisyphus | 1.7.0-alt1 | 8.2.3-alt1 | ALT-PU-2013-1219-1 | 109591 | Fixed |
qemu | p10 | 1.7.0-alt1 | 8.2.2-alt0.p10.1 | ALT-PU-2013-1219-1 | 109591 | Fixed |
qemu | p9 | 1.7.0-alt1 | 5.2.0-alt6 | ALT-PU-2013-1219-1 | 109591 | Fixed |
qemu | c10f1 | 1.7.0-alt1 | 8.2.2-alt0.p10.1 | ALT-PU-2013-1219-1 | 109591 | Fixed |
qemu | c9f2 | 1.7.0-alt1 | 5.2.0-alt6.c9.1 | ALT-PU-2013-1219-1 | 109591 | Fixed |
qemu | c7 | 2.5.0-alt0.M70C.1 | 2.5.1.1-alt0.M70C.5 | ALT-PU-2016-1271-1 | 161338 | Fixed |
qemu | p11 | 1.7.0-alt1 | 8.2.3-alt1 | ALT-PU-2013-1219-1 | 109591 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow | |
98028 | |
62773 | |
[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released | |
RHSA-2013:1754 | |
RHSA-2013:1553 | |
USN-2092-1 | |
openSUSE-SU-2014:1281 | |
openSUSE-SU-2014:1279 | |