CVE-2013-2016

EUVD-2013-2005
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
qemuqemu
1.3.0 ≤
𝑥
≤ 1.4.2
qemuqemu
1.5.0:rc1
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
novellopen_desktop_server
11.0:sp3
novellopen_enterprise_server
11.0:sp3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
jessie
not-affected
sid
1:9.1.1+ds-2
fixed
squeeze
not-affected
trixie
1:9.1.1+ds-2
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
qemu
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
ignored
saucy
not-affected
qemu-kvm
hardy
dne
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
dne
saucy
dne
xen-3.1
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
xen-3.2
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
xen-3.3
hardy
dne
lucid
not-affected
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html
http://www.openwall.com/lists/oss-security/2013/04/29/5
http://www.openwall.com/lists/oss-security/2013/04/29/6
http://www.securityfocus.com/bid/59541
https://access.redhat.com/security/cve/cve-2013-2016
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016
https://exchange.xforce.ibmcloud.com/vulnerabilities/83850
https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d
https://security-tracker.debian.org/tracker/CVE-2013-2016
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html
http://www.openwall.com/lists/oss-security/2013/04/29/5
http://www.openwall.com/lists/oss-security/2013/04/29/6
http://www.securityfocus.com/bid/59541
https://access.redhat.com/security/cve/cve-2013-2016
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016
https://exchange.xforce.ibmcloud.com/vulnerabilities/83850
https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d
https://security-tracker.debian.org/tracker/CVE-2013-2016