Rapid7 Vulnerability & Exploit Database

CentOS: (CVE-2013-4536) (Multiple Advisories): qemu-kvm

Back to Search

CentOS: (CVE-2013-4536) (Multiple Advisories): qemu-kvm

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
07/25/2014
Created
07/25/2018
Added
08/17/2018
Modified
06/10/2021

Description

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Solution(s)

  • centos-upgrade-libcacard
  • centos-upgrade-libcacard-devel
  • centos-upgrade-libcacard-tools
  • centos-upgrade-qemu-guest-agent
  • centos-upgrade-qemu-img
  • centos-upgrade-qemu-kvm
  • centos-upgrade-qemu-kvm-common
  • centos-upgrade-qemu-kvm-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;