Bugzilla – Bug 864801
VUL-0: CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
Last modified: 2016-02-05 11:18:08 UTC
CVE-2013-4540 Within scoop_gpio_handler_update, if prev_level has a high bit set, then we get bit > 16 and that does a buffer overrun. An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4540 https://bugzilla.redhat.com/show_bug.cgi?id=1066386
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (864801) was mentioned in https://build.opensuse.org/request/show/235281 Factory / qemu
Update released for: kvm, kvm-debuginfo, kvm-debugsource Products: SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SERVER 11-SP3 (i386, s390x, x86_64)
SUSE-SU-2014:0816-1: An update that solves two vulnerabilities and has 20 fixes is now available. Category: security (moderate) Bug References: 864391,864649,864650,864653,864655,864665,864671,864673,864678,864682,864769,864796,864801,864802,864804,864805,864811,864812,864814,873235,874749,874788 CVE References: CVE-2014-0150,CVE-2014-2894 Sources used: SUSE Linux Enterprise Server 11 SP3 (src): kvm-1.4.2-0.15.2 SUSE Linux Enterprise Desktop 11 SP3 (src): kvm-1.4.2-0.15.2
openSUSE-SU-2014:1279-1: An update that solves 10 vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 798770,820873,833483,842006,858178,862608,864801,865682,867910,878841,880751,881900,891539,895798,895799,895802,896023,897657 CVE References: CVE-2013-4344,CVE-2013-4540,CVE-2014-2599,CVE-2014-3967,CVE-2014-3968,CVE-2014-4021,CVE-2014-7154,CVE-2014-7155,CVE-2014-7156,CVE-2014-7188 Sources used: openSUSE 12.3 (src): xen-4.2.4_04-1.32.1
openSUSE-SU-2014:1281-1: An update that solves 10 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 798770,820873,842006,864801,865682,875668,878841,880751,882127,895798,895799,895802,896023,897657 CVE References: CVE-2013-4344,CVE-2013-4540,CVE-2014-3124,CVE-2014-3967,CVE-2014-3968,CVE-2014-4021,CVE-2014-7154,CVE-2014-7155,CVE-2014-7156,CVE-2014-7188 Sources used: openSUSE 13.1 (src): xen-4.3.2_02-27.1
SUSE-SU-2014:1318-1: An update that solves 10 vulnerabilities and has 7 fixes is now available. Category: security (moderate) Bug References: 798770,833483,842006,858178,862608,864801,865682,867910,878841,880751,881900,882092,891539,895798,895799,895802,897657 CVE References: CVE-2013-4344,CVE-2013-4540,CVE-2014-2599,CVE-2014-3967,CVE-2014-3968,CVE-2014-4021,CVE-2014-7154,CVE-2014-7155,CVE-2014-7156,CVE-2014-7188 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): xen-4.2.4_04-0.9.1 SUSE Linux Enterprise Server 11 SP3 (src): xen-4.2.4_04-0.9.1 SUSE Linux Enterprise Desktop 11 SP3 (src): xen-4.2.4_04-0.9.1
fixed everywhere