Your submission was sent successfully! Close

CVE-2013-4542

Published: 20 February 2014

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.

Priority

Low

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored
(reached end-of-life)
trusty
Released (2.0.0+dfsg-2ubuntu1.3)
upstream Needed

qemu-kvm
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise Not vulnerable
(code not present)
quantal Ignored
(reached end-of-life)
saucy Does not exist

trusty Does not exist

upstream Needed