PT-2013-1144 · Qemu+4 · Qemu+5

Asias He

Published

2013-10-04

Updated

2020-08-11

CVE-2013-4344

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified) SUSE Linux Enterprise (affected versions not specified)

Description The issue concerns a buffer overflow in the SCSI implementation, potentially allowing local users to gain privileges. This could lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally by an authenticated attacker.

Recommendations For QEMU, consider restricting access to the SCSI implementation until a patch is available. For SUSE Linux Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2013-1219

BDU:2015-04319

CESA-2013_1553

CVE-2013-4344

DSA-2932-1

DSA-2933-1

MGASA-2013-0341

OPENSUSE-SU-2014_1279-1

OPENSUSE-SU-2014_1281-1

RHSA-2013:1527

RHSA-2013:1553

RHSA-2013:1754

RHSA-2013_1553

SUSE-SU-2014_1318-1

SUSE-SU-2015:0870-1

SUSE-SU-2015:0889-1

SUSE-SU-2015:1152-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse Linux Enterprise

Suse

PT-2013-1144 · Qemu+4 · Qemu+5

CVE-2013-4344

Weakness Enumeration

Related Identifiers

Affected Products

References · 87