CVE Vulnerabilities

CVE-2013-4536

Improper Privilege Management

Published: May 28, 2021 | Modified: Mar 03, 2023
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
3.7 MODERATE
AV:L/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
LOW

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Qemu Qemu * 1.5.3 (excluding)
Qemu Ubuntu saucy *
Qemu Ubuntu trusty *
Qemu Ubuntu upstream *
Qemu-kvm Ubuntu precise *
Qemu-kvm Ubuntu quantal *
Qemu-kvm Ubuntu upstream *
OpenStack 3 for RHEL 6 RedHat qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.10 *
OpenStack 4 for RHEL 6 RedHat qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.10 *
Red Hat Enterprise Linux 6 RedHat qemu-kvm-2:0.12.1.2-2.415.el6_5.10 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-10:1.5.3-60.el7_0.5 *
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 RedHat qemu-kvm-rhev-10:1.5.3-60.el7_0.7 *
RHEV 3.X Hypervisor and Agents for RHEL-6 RedHat qemu-kvm-rhev-2:0.12.1.2-2.415.el6_5.10 *
RHEV 3.X Hypervisor and Agents for RHEL-6 RedHat rhev-hypervisor6-0:6.5-20140603.2.el6ev *

Potential Mitigations

References