Your submission was sent successfully! Close

CVE-2013-4344

Published: 4 October 2013

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Priority

Low

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

raring Ignored
(reached end-of-life)
saucy
Released (1.5.0+dfsg-3ubuntu5.3)
upstream Needs triage

Patches:
upstream: http://article.gmane.org/gmane.comp.emulators.qemu/237163
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3

qemu-kvm
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise
Released (1.0+noroms-0ubuntu14.13)
quantal
Released (1.2.0+noroms-0ubuntu2.12.10.6)
raring Does not exist

saucy Does not exist

upstream Needs triage

Patches:


upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
xen
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(code not present)
quantal Not vulnerable
(code not present)
raring Not vulnerable
(code not present)
saucy Not vulnerable
(code not present)
upstream Needs triage

xen-3.3
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

upstream Needs triage