CVE-2013-4536

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2013-4536

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-4536.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2013-4536

Related

Published

2021-05-28T17:15:07Z

Modified

2024-06-30T12:00:03Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

References

Affected packages

Debian:11 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}