Severity: 7.8 HIGH (NVD); OSV: 7.5
EPSS: 0.0% (top 86.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 28
Latest update: May 5

Description

A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

NVD: qemu/qemu < 1.5.3
debian: debian/qemu < qemu 2.1+dfsg-1 (bookworm)
Debian: qemu/qemu < 2.1+dfsg-1+3
Ubuntu: qemu/qemu < 2.0.0+dfsg-2ubuntu1.3
CVEListV5: qemu/qemu qemu-kvm 1.5.3

Patches

🔴 Vulnerability Details (3)

GHSA (2022-05-05): GHSA-9gq4-xvgv-m3gv: A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on
OSV (2021-05-28): CVE-2013-4536: A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on
OSV (2014-09-08): qemu, qemu-kvm vulnerabilities

📋 Vendor Advisories (3)

Ubuntu (2014-09-08): QEMU vulnerabilities
Red Hat (2013-12-03): qemu: virtio: insufficient validation of num_sg when mapping
Debian (2013): CVE-2013-4536: qemu - A user able to alter the savevm data (either on the disk or over the wire durin...

💬 Community (2)

Bugzilla (2014-05-08): CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation of num_sg when mapping [fedora-all]
Bugzilla (2014-02-18): CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation of num_sg when mapping