CVE-2013-4544: Input Validation
First published: Mon Apr 14 2014(Updated: )
An array index bounds overrun flaw has been discovered in the vmxnet3 device as emulated by qemu. A privileged guest user could use this flaw to corrupt qemu process' memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process. Upstream fix: ------------- -> <a href="http://thread.gmane.org/gmane.comp.emulators.qemu/265562">http://thread.gmane.org/gmane.comp.emulators.qemu/265562</a> Acknowledgements: This issue was discovered by Michael S. Tsirkin of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 | |
| Ubuntu | =14.04 | |
| QEMU | <=1.7.1 | |
| QEMU | =1.0 | |
| QEMU | =1.0-rc1 | |
| QEMU | =1.0-rc2 | |
| QEMU | =1.0-rc3 | |
| QEMU | =1.0-rc4 | |
| QEMU | =1.0.1 | |
| QEMU | =1.1 | |
| QEMU | =1.1-rc1 | |
| QEMU | =1.1-rc2 | |
| QEMU | =1.1-rc3 | |
| QEMU | =1.1-rc4 | |
| QEMU | =1.4.1 | |
| QEMU | =1.4.2 | |
| QEMU | =1.5.0 | |
| QEMU | =1.5.0-rc1 | |
| QEMU | =1.5.0-rc2 | |
| QEMU | =1.5.0-rc3 | |
| QEMU | =1.5.1 | |
| QEMU | =1.5.2 | |
| QEMU | =1.5.3 | |
| QEMU | =1.6.0 | |
| QEMU | =1.6.0-rc1 | |
| QEMU | =1.6.0-rc2 | |
| QEMU | =1.6.0-rc3 | |
| QEMU | =1.6.1 | |
| QEMU | =1.6.2 | |
| QEMU | =2.0.0-rc0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://thread.gmane.org/gmane.comp.emulators.qemu/265562
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1087522
- https://bugzilla.redhat.com/show_bug.cgi?id=1087513
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8c6c0478996e8f77374e69b6df68655b0b4ba689
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=9878d173f574df74bde0ff50b2f81009fbee81bb
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f12d048a523780dbda702027d4a91b62af1a08d7
- http://secunia.com/advisories/58191
- http://ubuntu.com/usn/usn-2182-1
- http://www.osvdb.org/106013
Frequently Asked Questions
What is the severity of CVE-2013-4544?
CVE-2013-4544 is considered to have high severity due to its potential for arbitrary code execution on the host system.
How do I fix CVE-2013-4544?
To fix CVE-2013-4544, users should update QEMU to a version higher than 1.7.1 or apply any relevant security patches provided by their operating system.
What systems are affected by CVE-2013-4544?
CVE-2013-4544 affects various versions of Ubuntu Linux from 10.04 to 14.04 LTS and QEMU KVM versions up to and including 1.7.1.
What kind of attack does CVE-2013-4544 facilitate?
CVE-2013-4544 could be exploited by a privileged guest user to corrupt the memory of the qemu process on the host, potentially leading to remote code execution.
Who can exploit CVE-2013-4544?
CVE-2013-4544 can be exploited by any privileged user within a virtual machine that uses the vulnerable vmxnet3 device.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4544
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.10
- version/ubuntu/14.04
- vendor/qemu
- canonical/qemu
- version/qemu/1.7.1
- version/qemu/1.0
- version/qemu/1.0-rc1
- version/qemu/1.0-rc2
- version/qemu/1.0-rc3
- version/qemu/1.0-rc4
- version/qemu/1.0.1
- version/qemu/1.1
- version/qemu/1.1-rc1
- version/qemu/1.1-rc2
- version/qemu/1.1-rc3
- version/qemu/1.1-rc4
- version/qemu/1.4.1
- version/qemu/1.4.2
- version/qemu/1.5.0
- version/qemu/1.5.0-rc1
- version/qemu/1.5.0-rc2
- version/qemu/1.5.0-rc3
- version/qemu/1.5.1
- version/qemu/1.5.2
- version/qemu/1.5.3
- version/qemu/1.6.0
- version/qemu/1.6.0-rc1
- version/qemu/1.6.0-rc2
- version/qemu/1.6.0-rc3
- version/qemu/1.6.1
- version/qemu/1.6.2
- version/qemu/2.0.0-rc0