7.8

CVE-2013-2016

Exploit
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version >= 1.3.0 <= 1.4.2
QemuQemu Version1.5.0 Updaterc1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
NovellOpen Desktop Server Version11.0 Updatesp3 SwPlatformlinux_kernel
NovellOpen Enterprise Server Version11.0 Updatesp3 SwPlatformlinux_kernel
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.391
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2013/04/29/5
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2013/04/29/6
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/59541
Third Party Advisory
VDB Entry
https://access.redhat.com/security/cve/cve-2013-2016
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/83850
Third Party Advisory
VDB Entry
https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d
Patch
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2013-2016
Third Party Advisory