4.9

CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices.  NOTE: some of these details are obtained from third party information.

Data is provided by the National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 Update- Editionlts
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionlts
QemuQemu Version <= 1.7.1
QemuQemu Version1.0
QemuQemu Version1.0 Updaterc1
QemuQemu Version1.0 Updaterc2
QemuQemu Version1.0 Updaterc3
QemuQemu Version1.0 Updaterc4
QemuQemu Version1.0.1
QemuQemu Version1.1
QemuQemu Version1.1 Updaterc1
QemuQemu Version1.1 Updaterc2
QemuQemu Version1.1 Updaterc3
QemuQemu Version1.1 Updaterc4
QemuQemu Version1.4.1
QemuQemu Version1.4.2
QemuQemu Version1.5.0
QemuQemu Version1.5.0 Updaterc1
QemuQemu Version1.5.0 Updaterc2
QemuQemu Version1.5.0 Updaterc3
QemuQemu Version1.5.1
QemuQemu Version1.5.2
QemuQemu Version1.5.3
QemuQemu Version1.6.0
QemuQemu Version1.6.0 Updaterc1
QemuQemu Version1.6.0 Updaterc2
QemuQemu Version1.6.0 Updaterc3
QemuQemu Version1.6.1
QemuQemu Version1.6.2
QemuQemu Version2.0.0 Updaterc0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.13% 0.337
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.9 4.4 6.4
AV:A/AC:M/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.