CVE-2013-4151
qemu: virtio: out-of-bounds buffer write on invalid state load
Severity Score
7.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
La función virtio_load en virtio/virtio.c en QEMU 1.x anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, lo que provoca una escritura fuera de rango.
Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other issues have also been addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2014-06-11 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2013-4151 | 2014-09-22 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1066342 | 2014-09-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.0 Search vendor "Qemu" for product "Qemu" and version "1.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.0 Search vendor "Qemu" for product "Qemu" and version "1.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.0 Search vendor "Qemu" for product "Qemu" and version "1.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.0 Search vendor "Qemu" for product "Qemu" and version "1.0" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.0 Search vendor "Qemu" for product "Qemu" and version "1.0" | rc4 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.0.1 Search vendor "Qemu" for product "Qemu" and version "1.0.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.1 Search vendor "Qemu" for product "Qemu" and version "1.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.1 Search vendor "Qemu" for product "Qemu" and version "1.1" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.1 Search vendor "Qemu" for product "Qemu" and version "1.1" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.1 Search vendor "Qemu" for product "Qemu" and version "1.1" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.1 Search vendor "Qemu" for product "Qemu" and version "1.1" | rc4 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.4.1 Search vendor "Qemu" for product "Qemu" and version "1.4.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.4.2 Search vendor "Qemu" for product "Qemu" and version "1.4.2" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.1 Search vendor "Qemu" for product "Qemu" and version "1.5.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.2 Search vendor "Qemu" for product "Qemu" and version "1.5.2" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.3 Search vendor "Qemu" for product "Qemu" and version "1.5.3" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.1 Search vendor "Qemu" for product "Qemu" and version "1.6.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.2 Search vendor "Qemu" for product "Qemu" and version "1.6.2" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.7.1 Search vendor "Qemu" for product "Qemu" and version "1.7.1" | - |
Affected
| ||||||