CVE-2013-4536
First published: Fri May 28 2021(Updated: )
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | <1.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2013-4536?
CVE-2013-4536 is a vulnerability that allows a user to corrupt QEMU process memory, potentially leading to arbitrary code execution on the host.
How does CVE-2013-4536 impact QEMU?
CVE-2013-4536 allows an attacker to alter the savevm data in QEMU, either on the disk or over the wire during migration, and potentially execute arbitrary code on the host.
What software versions are affected by CVE-2013-4536?
QEMU versions up to but not including 1.5.3 are affected by CVE-2013-4536.
What is the severity of CVE-2013-4536?
CVE-2013-4536 has a severity rating of 7.8, which is considered high.
How can I fix CVE-2013-4536?
To fix CVE-2013-4536, it is recommended to update QEMU to version 1.5.3 or higher.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/qemu
- canonical/qemu qemu