CVE-2013-4344

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Published: Oct 4, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4344
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
qemu / qemu	-	1.6.2.x
opensuse / opensuse	12.3	12.3.x
opensuse / opensuse	13.1	13.1.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / virtualization	3.0	3.0.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x

http://article.gmane.org/gmane.comp.emulators.qemu/237191
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://osvdb.org/98028
http://rhn.redhat.com/errata/RHSA-2013-1553.html
http://rhn.redhat.com/errata/RHSA-2013-1754.html
http://www.openwall.com/lists/oss-security/2013/10/02/2
http://www.securityfocus.com/bid/62773
http://www.ubuntu.com/usn/USN-2092-1

Vulnerability Database

289,599

CVE-2013-4344