CVE-2013-4344
published 2013-10-04CVE-2013-4344: Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain…
high7.2CVSS 3.1
AVLACLAuNCCICAC
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | qemu | < qemu 1.6.0+dfsg-2 (bookworm) | qemu 1.6.0+dfsg-2 (bookworm) |
| debian | xen | < qemu 1.6.0+dfsg-2 (bookworm) | qemu 1.6.0+dfsg-2 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| qemu | qemu | <= 1.6.2 | — |
| qemu | qemu | >= 0 < 1.6.0+dfsg-2 | 1.6.0+dfsg-2 |
| qemu | qemu | >= 0 < 1.6.0+dfsg-2 | 1.6.0+dfsg-2 |
| qemu | qemu | >= 0 < 1.6.0+dfsg-2 | 1.6.0+dfsg-2 |
| qemu | qemu | >= 0 < 1.6.0+dfsg-2 | 1.6.0+dfsg-2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | virtualization | — | — |
| xen | xen | >= 0 < 4.2-1 | 4.2-1 |
| xen | xen | >= 0 < 4.2-1 | 4.2-1 |
| xen | xen | >= 0 < 4.2-1 | 4.2-1 |
| xen | xen | >= 0 < 4.2-1 | 4.2-1 |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH