7.8

CVE-2013-2016

Exploit

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

Data is provided by the National Vulnerability Database (NVD)
QemuQemu Version >= 1.3.0 <= 1.4.2
QemuQemu Version1.5.0 Updaterc1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
NovellOpen Desktop Server Version11.0 Updatesp3 SwPlatformlinux_kernel
NovellOpen Enterprise Server Version11.0 Updatesp3 SwPlatformlinux_kernel
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.232
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.openwall.com/lists/oss-security/2013/04/29/5
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2013/04/29/6
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/59541
Third Party Advisory
VDB Entry