vulnerability
Red Hat: CVE-2013-4536: qemu: virtio: insufficient validation of num_sg when mapping
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | May 28, 2021 | Jul 9, 2025 | Jul 9, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
May 28, 2021
Added
Jul 9, 2025
Modified
Jul 9, 2025
Description
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Solution
no-fix-redhat-rpm-package
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.