CVE-2013-4544 — Improper Input Validation in Qemu

CWE-20 — Improper Input Validation9 documents7 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 70.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Canonical Ubuntu Linux

Timeline

PublishedMay 8

Latest updateMay 17

Description

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 4.4 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/qemu< qemu 2.0.0+dfsg-1 (bookworm)

▶Debianqemu/qemu< 2.0.0+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0~rc1+dfsg-0ubuntu3.1

▶NVDqemu/qemu1.7.1+13

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-xxjj-3mqq-qmc5: hw/net/vmxnet3↗2022-05-17

▶

OSV

CVE-2013-4544: hw/net/vmxnet3↗2014-05-08

▶

OSV

qemu, qemu-kvm vulnerabilities↗2014-04-28

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2014-04-28

▶

Red Hat

Qemu: vmxnet3: bounds checking buffer overrun↗2014-04-04

▶

Debian

CVE-2013-4544: qemu - hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users ...↗2013

▶

💬Community

Bugzilla

CVE-2013-4544 Qemu: vmxnet3: bounds checking buffer overrun↗2014-04-14

▶

Bugzilla

CVE-2013-4544 Qemu: vmxnet3: bounds checking buffer overrun [fedora-all]↗2014-04-14

▶