CVE-2013-4535 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Affected Products (NVD)

Vendor	Product	Version
qemu	qemu	𝑥 < 1.7.2
redhat	virtualization	3.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_tus	6.5
redhat	enterprise_linux_workstation	6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qemu

bookworm	1:7.2+dfsg-7+deb12u7 fixed
bullseye	1:5.2+dfsg-11+deb11u3 fixed
bullseye (security)	1:5.2+dfsg-11+deb11u2 fixed
sid	1:9.1.1+ds-2 fixed
squeeze	no-dsa
trixie	1:9.1.1+ds-2 fixed
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

qemu

lucid	dne
precise	dne
quantal	dne
saucy	ignored
trusty	Fixed 2.0.0+dfsg-2ubuntu1.3 released

qemu-kvm

lucid	not-affected
precise	Fixed 1.0+noroms-0ubuntu14.17 released
quantal	ignored
saucy	dne
trusty	dne

openSUSE / SLES Releases

openSUSE Product

Release

qemu

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-curl

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-iscsi

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-rbd

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-ssh

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-guest-agent

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-ipxe

suse enterprise sap 15	1.0.0-7.5 fixed
suse enterprise server 15	1.0.0-7.5 fixed

qemu-kvm

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-lang

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-seabios

suse enterprise sap 15	1.11.0-7.5 fixed
suse enterprise server 15	1.11.0-7.5 fixed

qemu-sgabios-8

suse enterprise sap 15	7.5 fixed
suse enterprise server 15	7.5 fixed

qemu-vgabios

suse enterprise sap 15	1.11.0-7.5 fixed
suse enterprise server 15	1.11.0-7.5 fixed

qemu-x86

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

libcacard

RHEL 7

10:1.5.3-60.el7_0.5

fixed

libcacard-devel

RHEL 7

10:1.5.3-60.el7_0.5

fixed

libcacard-tools

RHEL 7

10:1.5.3-60.el7_0.5

fixed

qemu-guest-agent

RHEL 6	2:0.12.1.2-2.415.el6_5.10 fixed
RHEL 7	10:1.5.3-60.el7_0.5 fixed

qemu-img

RHEL 6	2:0.12.1.2-2.415.el6_5.10 fixed
RHEL 7	10:1.5.3-60.el7_0.5 fixed

qemu-kvm

RHEL 6	2:0.12.1.2-2.415.el6_5.10 fixed
RHEL 7	10:1.5.3-60.el7_0.5 fixed

qemu-kvm-common

RHEL 7

10:1.5.3-60.el7_0.5

fixed

qemu-kvm-tools

RHEL 6	2:0.12.1.2-2.415.el6_5.10 fixed
RHEL 7	10:1.5.3-60.el7_0.5 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html

http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

http://rhn.redhat.com/errata/RHSA-2014-0743.html

http://rhn.redhat.com/errata/RHSA-2014-0744.html

https://bugzilla.redhat.com/show_bug.cgi?id=1066401

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html

http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

http://rhn.redhat.com/errata/RHSA-2014-0743.html

http://rhn.redhat.com/errata/RHSA-2014-0744.html

https://bugzilla.redhat.com/show_bug.cgi?id=1066401