CVE-2013-4344

2013-10-0400:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a
SCSI controller has more than 256 attached devices, allows local users to
gain privileges via a small transfer buffer in a REPORT LUNS command.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725944>

Notes

Author	Note
mdeslaur	needs the admin to configure more than 256 scsi devices, downgrading to low

OSVersionArchitecturePackageVersionFilename
ubuntu13.10noarchqemu< 1.5.0+dfsg-3ubuntu5.3UNKNOWN
ubuntu12.04noarchqemu-kvm< 1.0+noroms-0ubuntu14.13UNKNOWN
ubuntu12.10noarchqemu-kvm< 1.2.0+noroms-0ubuntu2.12.10.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	13.10	noarch	qemu	< 1.5.0+dfsg-3ubuntu5.3	UNKNOWN
ubuntu	12.04	noarch	qemu-kvm	< 1.0+noroms-0ubuntu14.13	UNKNOWN
ubuntu	12.10	noarch	qemu-kvm	< 1.2.0+noroms-0ubuntu2.12.10.6	UNKNOWN