Vulnerability CVE-2013-4344: Information

Description

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Severity: HIGH (7.2)

Published: Oct. 4, 2013
Modified: Aug. 11, 2020
Error type identifier: CWE-120

References to Advisories, Solutions, and Tools

Hyperlink | Resource
[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow | Mailing List, Third Party Advisory
98028 | Broken Link
62773 | Third Party Advisory, VDB Entry
[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released | Broken Link
RHSA-2013:1754 | Third Party Advisory
RHSA-2013:1553 | Third Party Advisory
USN-2092-1 | Third Party Advisory
openSUSE-SU-2014:1281 | Mailing List, Third Party Advisory
openSUSE-SU-2014:1279 | Mailing List, Third Party Advisory

      Configuration 1

      cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
      End including: 1.6.2

      Configuration 2

      cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

      cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*