CVE-2019-13164Improper Access Control in Qemu

CWE-284Improper Access Control13 documents8 sources
Severity
7.8HIGHNVD
OSV3.8
EPSS
0.0%
top 94.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
QemuDebian QemuCanonical Ubuntu Linux+2 more
Timeline
PublishedJul 3
Latest updateJan 28

Description

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

debiandebian/qemu< qemu 1:4.1-1 (bookworm)
Debianqemu/qemu< 1:4.1-1+3
Ubuntuqemu/qemu< 1:2.5+dfsg-5ubuntu10.42+2
NVDqemu/qemu3.1, 4.0.0+1
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10

Patches

Patch: github.comPatch: lists.gnu.orgPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-5ff7-wj9x-5xc5: qemu-bridge-helper2022-05-24
OSV
qemu vulnerabilities2019-11-14
OSV
qemu vulnerabilities2019-11-14
OSV
CVE-2019-13164: qemu-bridge-helper2019-07-03

📋Vendor Advisories

4
Ubuntu
QEMU vulnerabilities2019-11-14
Ubuntu
QEMU vulnerabilities2019-11-14
Red Hat
Qemu: qemu-bridge-helper ACL can be bypassed when names are too long2019-06-28
Debian
CVE-2019-13164: qemu - qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interf...2019

📄Research Papers

1
arXiv
Did You Forkget It? Detecting One-Day Vulnerabilities in Open-source ForksWith Global History Analysis2026-01-28

💬Community

3
Bugzilla
qemu: long interface names in qemu-bridge-helper leading to ACL bypass2019-07-15
Bugzilla
CVE-2019-13164 qemu: qemu-bridge-helper ACL can be bypassed when names are too long [fedora-all]2019-07-02
Bugzilla
CVE-2019-13164 Qemu: qemu-bridge-helper ACL can be bypassed when names are too long2019-06-20