CVE-2013-2016

CWE-269 — Improper Privilege Management CWE-94 — Code Injection39 documents19 sources

Severity

7.8HIGH

EPSS

0.1%

top 77.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Qemu Qemu Qemu (virtio-rng)Debian Debian Linux +2 more

Timeline

PublishedDec 30

Latest updateMay 14

Description

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5qemu/qemu_(virtio-rng)v1.3.0 and later

▶Debianqemu< 1.5.0+dfsg-1+3

▶NVDqemu/qemu1.3.0 — 1.4.2+1

▶NVDnovell/open_desktop_server11.0

▶NVDnovell/open_enterprise_server11.0

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: lists.opensuse.org ↗Patch: github.com ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

Bundler allows attacker to inject arbitrary code via secondary Gem source↗2022-05-14

▶

GHSA

GHSA-hch7-9gh2-qf6g: A flaw was found in the way qemu v1↗2022-05-05

▶

OSV

CVE-2013-2016: A flaw was found in the way qemu v1↗2019-12-30

▶

CVEList

CVE-2013-2016: A flaw was found in the way qemu v1↗2019-12-30

▶

OSV

linux-lts-vivid vulnerabilities↗2016-03-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)↗2016-08-16

▶

Metasploit

Microsoft Exchange ProxyLogon Collector↗

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-09

▶

Jenkins

Jenkins Security Advisory 2016-06-20↗2016-06-20

▶

Red Hat

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix↗2016-04-14

▶

Red Hat

qemu: virtio: out-of-bounds config space access↗2013-04-25

▶

Debian

CVE-2013-2016: qemu - A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates address...↗2013

▶

💬Community

Bugzilla

CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER↗2016-09-29

▶

Bugzilla

CVE-2013-7458 redis: world-readable ~/.rediscli_history↗2016-08-03

▶

Bugzilla

CVE-2016-6213 kernel: Overflowing kernel mount table using shared bind mount↗2016-07-14

▶

Bugzilla

CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)↗2016-04-27

▶

Bugzilla

CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)↗2016-03-23

▶