CVE-2013-4535: Input Validation
First published: Tue Feb 18 2014(Updated: )
Both virtio-block and virtio-serial read, VirtQueueElements are read in as buffers, and passed to virtqueue_map_sg(), where num_sg is taken from the wire and can force writes to indicies beyond VIRTQUEUE_MAX_SIZE. An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Upstream fix: ------------- -> <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4">http://git.qemu.org/?p=qemu.git;a=commit;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/qemu-kvm | <1.5.3 | 1.5.3 |
| QEMU KVM | <1.7.2 | |
| Red Hat Enterprise Virtualization | =3.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server tus | =6.5 | |
| redhat enterprise Linux workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.qemu.org/?p=qemu.git;a=commit;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095764
- https://rhn.redhat.com/errata/RHSA-2014-0674.html
- https://rhn.redhat.com/errata/RHSA-2014-0744.html
- https://rhn.redhat.com/errata/RHSA-2014-0743.html
- https://rhn.redhat.com/errata/RHSA-2014-0927.html
- https://rhn.redhat.com/errata/RHSA-2014-0888.html
- https://rhn.redhat.com/errata/RHSA-2014-1268.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1066401
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
- http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
- http://rhn.redhat.com/errata/RHSA-2014-0743.html
- http://rhn.redhat.com/errata/RHSA-2014-0744.html
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
Frequently Asked Questions
What is the severity of CVE-2013-4535?
CVE-2013-4535 has a high severity level, potentially allowing for memory corruption due to out-of-bounds writes.
How do I fix CVE-2013-4535?
To fix CVE-2013-4535, upgrade to QEMU version 1.5.3 or later, ensuring the system is using compatible software versions.
Which software is affected by CVE-2013-4535?
CVE-2013-4535 affects QEMU KVM versions up to 1.7.2, as well as specific versions of Red Hat Enterprise Virtualization and Red Hat Enterprise Linux.
Can CVE-2013-4535 lead to system exploits?
Yes, CVE-2013-4535 can potentially be exploited to execute arbitrary code through specially crafted input.
Is there a patch available for CVE-2013-4535?
Yes, patches addressing CVE-2013-4535 have been included in subsequent updates of affected packages.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4535
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/qemu
- canonical/qemu kvm
- vendor/redhat
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/6.5
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0