Lucene search
HistoryNov 04, 2014 - 9:55 p.m.
CVE-2013-4541
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.6
Confidence
High
EPSS
0.07
Percentile
94.0%
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.
Affected configurations
Node
qemuqemuRange≤1.7.1
ORqemuqemuMatch0.1.0
ORqemuqemuMatch0.1.1
ORqemuqemuMatch0.1.2
ORqemuqemuMatch0.1.3
ORqemuqemuMatch0.1.4
ORqemuqemuMatch0.1.5
ORqemuqemuMatch0.1.6
ORqemuqemuMatch0.2.0
ORqemuqemuMatch0.3.0
ORqemuqemuMatch0.4.0
ORqemuqemuMatch0.4.1
ORqemuqemuMatch0.4.2
ORqemuqemuMatch0.4.3
ORqemuqemuMatch0.5.0
ORqemuqemuMatch0.5.1
ORqemuqemuMatch0.5.2
ORqemuqemuMatch0.5.3
ORqemuqemuMatch0.5.4
ORqemuqemuMatch0.5.5
ORqemuqemuMatch0.6.0
ORqemuqemuMatch0.6.1
ORqemuqemuMatch0.7.0
ORqemuqemuMatch0.7.1
ORqemuqemuMatch0.7.2
ORqemuqemuMatch0.8.0
ORqemuqemuMatch0.8.1
ORqemuqemuMatch0.8.2
ORqemuqemuMatch0.9.0
ORqemuqemuMatch0.9.1
ORqemuqemuMatch0.9.1-5
ORqemuqemuMatch0.10.0
ORqemuqemuMatch0.10.1
ORqemuqemuMatch0.10.2
ORqemuqemuMatch0.10.3
ORqemuqemuMatch0.10.4
ORqemuqemuMatch0.10.5
ORqemuqemuMatch0.10.6
ORqemuqemuMatch0.11.0
ORqemuqemuMatch0.11.0rc0
ORqemuqemuMatch0.11.0rc1
ORqemuqemuMatch0.11.0rc2
ORqemuqemuMatch0.11.0-rc0
ORqemuqemuMatch0.11.0-rc1
ORqemuqemuMatch0.11.0-rc2
ORqemuqemuMatch0.11.1
ORqemuqemuMatch0.12.0
ORqemuqemuMatch0.12.0rc1
ORqemuqemuMatch0.12.0rc2
ORqemuqemuMatch0.12.1
ORqemuqemuMatch0.12.2
ORqemuqemuMatch0.12.3
ORqemuqemuMatch0.12.4
ORqemuqemuMatch0.12.5
ORqemuqemuMatch0.13.0
ORqemuqemuMatch0.13.0rc0
ORqemuqemuMatch0.13.0rc1
ORqemuqemuMatch0.14.0
ORqemuqemuMatch0.14.0rc0
ORqemuqemuMatch0.14.0rc1
ORqemuqemuMatch0.14.0rc2
ORqemuqemuMatch0.14.1
ORqemuqemuMatch0.15.0rc1
ORqemuqemuMatch0.15.0rc2
ORqemuqemuMatch0.15.1
ORqemuqemuMatch0.15.2
ORqemuqemuMatch1.0
ORqemuqemuMatch1.0rc1
ORqemuqemuMatch1.0rc2
ORqemuqemuMatch1.0rc3
ORqemuqemuMatch1.0rc4
ORqemuqemuMatch1.0.1
ORqemuqemuMatch1.1
ORqemuqemuMatch1.1rc1
ORqemuqemuMatch1.1rc2
ORqemuqemuMatch1.1rc3
ORqemuqemuMatch1.1rc4
ORqemuqemuMatch1.4.1
ORqemuqemuMatch1.4.2
ORqemuqemuMatch1.5.0
ORqemuqemuMatch1.5.0rc1
ORqemuqemuMatch1.5.0rc2
ORqemuqemuMatch1.5.0rc3
ORqemuqemuMatch1.5.1
ORqemuqemuMatch1.5.2
ORqemuqemuMatch1.5.3
ORqemuqemuMatch1.6.0
ORqemuqemuMatch1.6.0rc1
ORqemuqemuMatch1.6.0rc2
ORqemuqemuMatch1.6.0rc3
ORqemuqemuMatch1.6.1
ORqemuqemuMatch1.6.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| qemu | qemu | * | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.0 | cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.1 | cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.2 | cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.3 | cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.4 | cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.5 | cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.6 | cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:* |
| qemu | qemu | 0.2.0 | cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:* |
| qemu | qemu | 0.3.0 | cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:* |
References
git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a
lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
rhn.redhat.com/errata/RHSA-2014-0743.html
rhn.redhat.com/errata/RHSA-2014-0744.html
Related
prion
prion
Design/Logic Flaw
2014-11-04 21:55:00
ubuntucve
ubuntucve
CVE-2013-4541
2014-02-20 00:00:00
cve
cve
CVE-2013-4541
2014-11-04 21:55:24
debiancve
debiancve
CVE-2013-4541
2014-11-04 21:55:24
cvelist
cvelist
CVE-2013-4541
2014-11-04 21:00:00
securityvulns
securityvulns
[oss-security] Re: CVE request: Qemu: usb: fix up post load checks
2014-05-15 00:00:00
QEMU multiple security vulnerabilities
2014-05-15 00:00:00
nessus
nessus
SuSE 11.3 Security Update : kvm (SAT Patch Number 9142)
2014-05-09 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20140610)
2014-06-12 00:00:00
CentOS 6 : qemu-kvm (CESA-2014:0743)
2014-06-12 00:00:00
openvas
openvas
SUSE: Security Advisory for kvm (SUSE-SU-2014:0623-1)
2015-10-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0623-1)
2021-06-09 00:00:00
Oracle: Security Advisory (ELSA-2014-0743)
2015-10-06 00:00:00
suse
suse
Security update for kvm (important)
2014-05-08 19:04:16
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:38
Memory Corruption
2019-05-02 04:58:38
Arbitrary Code Execution
2019-05-02 04:58:37
redhat
redhat
(RHSA-2014:0888) Moderate: qemu-kvm-rhev security update
2014-07-24 00:00:00
(RHSA-2014:0744) Moderate: qemu-kvm-rhev security update
2014-06-10 00:00:00
(RHSA-2014:0743) Moderate: qemu-kvm security and bug fix update
2014-06-10 00:00:00
centos
centos
qemu security update
2014-06-11 11:37:18
libcacard, qemu security update
2014-07-25 13:23:24
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-06-10 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: qemu-1.6.2-5.fc20
2014-05-16 10:01:41
ubuntu
ubuntu
QEMU vulnerabilities
2014-09-08 00:00:00
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
osv
osv
qemu-2.6.1-1.5 on GA media
2024-06-15 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.6
Confidence
High
EPSS
0.07
Percentile
94.0%
Related for NVD:CVE-2013-4541