Vulnerability-Lookup

CERTFR-2014-AVI-452

Vulnerability from certfr_avis - Published: 2014-10-29 - Updated: 2014-10-29

De multiples vulnérabilités ont été corrigées dans Qemu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Qemu-kvm

References

Title

Publication Time

CVE-2013-4534 (GCVE-0-2013-4534)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

4 references

URL	Tags
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3B…	x_refsource_CONFIRM
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://lists.gnu.org/archive/html/qemu-devel/2013…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2013-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e"
          },
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e"
        },
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4534",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4535 (GCVE-0-2013-4535)

Vulnerability from cvelistv5 – Published: 2020-02-11 15:35 – Updated: 2024-08-06 16:45

Summary

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Severity

No CVSS data available.

CWE

Integer Signedness Error

Assigner

redhat

References

6 references

URL	Tags
http://lists.nongnu.org/archive/html/qemu-stable/…	x_refsource_MISC
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3B…	x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-…	x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2014-0743.html	x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2014-0744.html	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1066401	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	QEMU	Affected: before 1.7.2

Date Public

2014-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.7.2"
            }
          ]
        }
      ],
      "datePublic": "2014-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Signedness Error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-11T15:35:48.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QEMU",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.7.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer Signedness Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
              "refsource": "MISC",
              "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
            },
            {
              "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4",
              "refsource": "MISC",
              "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
            },
            {
              "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html",
              "refsource": "MISC",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
            },
            {
              "name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
              "refsource": "MISC",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
            },
            {
              "name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
              "refsource": "MISC",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4535",
    "datePublished": "2020-02-11T15:35:48.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4536 (GCVE-0-2013-4536)

Vulnerability from cvelistv5 – Published: 2021-05-28 16:58 – Updated: 2024-08-06 16:45

Summary

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Severity

No CVSS data available.

CWE

CWE-269

Assigner

redhat

References

2 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1066401	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021072…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	qemu	Affected: qemu-kvm 1.5.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "qemu",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "qemu-kvm 1.5.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-27T15:06:36.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "qemu",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "qemu-kvm 1.5.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210727-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4536",
    "datePublished": "2021-05-28T16:58:49.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4537 (GCVE-0-2013-4537)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

4 references

URL	Tags
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://lists.gnu.org/archive/html/qemu-devel/2013…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9…	x_refsource_CONFIRM

Date Public

2013-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4537",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4538 (GCVE-0-2013-4538)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

4 references

URL	Tags
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ea…	x_refsource_CONFIRM
http://lists.gnu.org/archive/html/qemu-devel/2013…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2013-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811"
          },
          {
            "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811"
        },
        {
          "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4538",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:15.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4539 (GCVE-0-2013-4539)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

4 references

URL	Tags
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=51…	x_refsource_CONFIRM
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://lists.gnu.org/archive/html/qemu-devel/2013…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2013-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f"
          },
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f"
        },
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4539",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4540 (GCVE-0-2013-4540)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

6 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.gnu.org/archive/html/qemu-devel/2013…	mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52…	x_refsource_CONFIRM

Date Public

2013-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1281",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
          },
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "openSUSE-SU-2014:1279",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
          },
          {
            "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-24T15:57:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1281",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
        },
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "openSUSE-SU-2014:1279",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
        },
        {
          "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4540",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4541 (GCVE-0-2013-4541)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

5 references

URL	Tags
http://rhn.redhat.com/errata/RHSA-2014-0743.html	vendor-advisoryx_refsource_REDHAT
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0744.html	vendor-advisoryx_refsource_REDHAT
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3B…	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2014-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
          },
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "RHSA-2014:0744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
        },
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "RHSA-2014:0744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4541",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:14.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4542 (GCVE-0-2013-4542)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 16:45

Summary

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

5 references

URL	Tags
http://rhn.redhat.com/errata/RHSA-2014-0743.html	vendor-advisoryx_refsource_REDHAT
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0744.html	vendor-advisoryx_refsource_REDHAT
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3B…	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2014-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
          },
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "RHSA-2014:0744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
        },
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "RHSA-2014:0744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4542",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:45:15.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6399 (GCVE-0-2013-6399)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 17:39

Summary

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

5 references

URL	Tags
http://rhn.redhat.com/errata/RHSA-2014-0743.html	vendor-advisoryx_refsource_REDHAT
http://lists.nongnu.org/archive/html/qemu-stable/…	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0744.html	vendor-advisoryx_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3B…	x_refsource_CONFIRM

Date Public

2014-05-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
          },
          {
            "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
          },
          {
            "name": "RHSA-2014:0744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
          },
          {
            "name": "FEDORA-2014-6288",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
        },
        {
          "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
        },
        {
          "name": "RHSA-2014:0744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
        },
        {
          "name": "FEDORA-2014-6288",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6399",
    "datePublished": "2014-11-04T21:00:00.000Z",
    "dateReserved": "2013-11-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:39:01.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2014-AVI-452

Contournement provisoire

CVE-2013-4534 (GCVE-0-2013-4534)

CVE-2013-4535 (GCVE-0-2013-4535)

CVE-2013-4536 (GCVE-0-2013-4536)

CVE-2013-4537 (GCVE-0-2013-4537)

CVE-2013-4538 (GCVE-0-2013-4538)

CVE-2013-4539 (GCVE-0-2013-4539)

CVE-2013-4540 (GCVE-0-2013-4540)

CVE-2013-4541 (GCVE-0-2013-4541)

CVE-2013-4542 (GCVE-0-2013-4542)

CVE-2013-6399 (GCVE-0-2013-6399)

Tags

Sightings

Nomenclature