CVE-2013-2016

Published: Dec 30, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

Affected (7)

Products: Qemu: Qemu · Debian: Debian Linux · Novell: Open Desktop Server, Open Enterprise Server

1 product

1 product

2 products

Open Desktop Server

Open Enterprise Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	From 1.3.0 to 1.4.2
Qemu Qemu	Version 1.5.0 rc1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Novell Open Desktop Server	Version 11.0 sp3
Novell Open Enterprise Server	Version 11.0 sp3

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/04/29/5

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/04/29/6

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/59541

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/security/cve/cve-2013-2016

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016

Source: secalert@redhat.com

ExploitIssue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/83850

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d

Source: secalert@redhat.com

PatchThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2013-2016

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/04/29/5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/04/29/6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/59541

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/security/cve/cve-2013-2016

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/83850

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2013-2016

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.