CVE-2013-2016

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:novell:open_desktop_server:11.0:sp3:*:*:*:linux_kernel:*:*
cpe:2.3:a:novell:open_enterprise_server:11.0:sp3:*:*:*:linux_kernel:*:*

Information

Published : 2019-12-30 14:15

Updated : 2020-08-18 08:05


NVD link : CVE-2013-2016

Mitre link : CVE-2013-2016


JSON object : View

CWE
CWE-269

Improper Privilege Management

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

novell

  • open_enterprise_server
  • open_desktop_server

qemu

  • qemu