CVE-2013-4344

Published: 04 October 2013

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Priority: Low

Status

Package Release Status
qemu
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (1.7.0+dfsg-2ubuntu5)
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist

Patches:
Upstream: http://article.gmane.org/gmane.comp.emulators.qemu/237163
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
qemu-kvm
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Released (1.0+noroms-0ubuntu14.13)
Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
xen
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)
Ubuntu 12.04 ESM (Precise Pangolin): Not vulnerable (code not present)
xen-3.3
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist