Bug 864802 - (CVE-2013-4541) VUL-0: CVE-2013-4541: qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other openSUSE 13.1
: P3 - Medium : Normal
Assigned To: Andreas Färber
Security Team bot
https://smash.suse.de/issue/96368/
maint:released:sle11-sp3:57056 maint:...
Reported: 2014-02-20 08:56 UTC by Victor Pereira
Modified: 2016-01-19 15:40 UTC (History)

Found By: Security Response Team
Description Victor Pereira 2014-02-20 08:56:46 UTC
CVE-2013-4541

s->setup_len and s->setup_index are fed into usb_packet_copy as
size/offset into s->data_buf, it's possible for invalid state to exploit
this to load arbitrary data.

A user able to alter the savevm data (either on the disk or over the wire
during migration) could use this flaw to corrupt QEMU process memory on
the (destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4541
https://bugzilla.redhat.com/show_bug.cgi?id=1066384
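
A minimal model of the sanity check this report calls for, as an added example (not QEMU's code and not the SUSE patch). Only the names `setup_len`, `setup_index` and `data_buf` come from the report; the struct, the function names and the 4096-byte buffer size are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DATA_BUF_SIZE 4096   /* assumed buffer size for this model */

/* Hypothetical model of the migrated fields named in the report. */
struct usb_dev_model {
    int32_t setup_len;       /* total bytes of the control transfer */
    int32_t setup_index;     /* bytes already transferred */
    uint8_t data_buf[DATA_BUF_SIZE];
};

/* post_load-style check: reject a loaded state whose offset/size pair
 * could address memory outside data_buf. Returns 0 or -EINVAL. */
int model_post_load(const struct usb_dev_model *s)
{
    if (s->setup_index < 0 || s->setup_len < 0 ||
        s->setup_index > s->setup_len ||
        (size_t)s->setup_len > sizeof(s->data_buf)) {
        return -EINVAL;
    }
    return 0;
}

/* Copy the next chunk out of data_buf, as a packet copy would.
 * Returns bytes copied, or -EINVAL if the state fails validation. */
int model_copy_chunk(struct usb_dev_model *s, uint8_t *dst, int32_t want)
{
    if (want < 0 || model_post_load(s) != 0) return -EINVAL;
    int32_t left = s->setup_len - s->setup_index;
    int32_t n = want < left ? want : left;
    memcpy(dst, s->data_buf + s->setup_index, (size_t)n);
    s->setup_index += n;
    return n;
}

int main(void)
{
    /* Constructed states: one sane, one with out-of-range loaded values. */
    static struct usb_dev_model ok = { .setup_len = 8, .setup_index = 2 };
    static struct usb_dev_model bad = { .setup_len = 0x7fffffff, .setup_index = -64 };
    uint8_t out[16];
    printf("ok:  %d\n", model_copy_chunk(&ok, out, 16));
    printf("bad: %d\n", model_copy_chunk(&bad, out, 16));
    return 0;
}
```

The check runs once when the state is loaded, so every later use of the offset and size can rely on `0 <= setup_index <= setup_len <= sizeof(data_buf)`.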
Comment 1 Swamp Workflow Management 2014-02-20 23:00:34 UTC
bugbot adjusting priority
Comment 7 Swamp Workflow Management 2014-05-08 13:53:29 UTC
Update released for: kvm, kvm-debuginfo, kvm-debugsource
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, s390x, x86_64)
Comment 8 Swamp Workflow Management 2014-05-08 17:04:55 UTC
SUSE-SU-2014:0623-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 812983,817593,842006,864802,870439
CVE References: CVE-2013-2016,CVE-2013-4344,CVE-2013-4541,CVE-2014-0142,CVE-2014-0143,CVE-2014-0144,CVE-2014-0145,CVE-2014-0146,CVE-2014-0147
Sources used:
SUSE Linux Enterprise Server 11 SP3 (src):    kvm-1.4.2-0.11.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    kvm-1.4.2-0.11.1
Comment 10 Swamp Workflow Management 2014-05-12 13:17:36 UTC
The SWAMPID for this issue is 57320.
This issue was rated as moderate.
Please submit fixed packages until 2014-05-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 16 Bernhard Wiedemann 2014-05-24 13:01:25 UTC
This is an autogenerated message for OBS integration:
This bug (864802) was mentioned in
https://build.opensuse.org/request/show/235281 Factory / qemu
Comment 17 Swamp Workflow Management 2014-06-18 13:49:07 UTC
Update released for: kvm, kvm-debuginfo, kvm-debugsource
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, s390x, x86_64)
Comment 18 Swamp Workflow Management 2014-06-18 17:06:35 UTC
SUSE-SU-2014:0816-1: An update that solves two vulnerabilities and has 20 fixes is now available.

Category: security (moderate)
Bug References: 864391,864649,864650,864653,864655,864665,864671,864673,864678,864682,864769,864796,864801,864802,864804,864805,864811,864812,864814,873235,874749,874788
CVE References: CVE-2014-0150,CVE-2014-2894
Sources used:
SUSE Linux Enterprise Server 11 SP3 (src):    kvm-1.4.2-0.15.2
SUSE Linux Enterprise Desktop 11 SP3 (src):    kvm-1.4.2-0.15.2
Comment 20 Johannes Segitz 2016-01-19 15:40:41 UTC
everything fixed