CVE-2013-4344

Priority
Low
Description
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a
SCSI controller has more than 256 attached devices, allows local users to
gain privileges via a small transfer buffer in a REPORT LUNS command.
References
Bugs
Notes
mdeslaur> needs the admin to configure more than 256 scsi devices,
mdeslaur> downgrading to low
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code not present)
Ubuntu 12.10 (Quantal Quetzal):not-affected (code not present)
Ubuntu 13.10 (Saucy Salamander):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.0+noroms-0ubuntu14.13)
Ubuntu 12.10 (Quantal Quetzal):released (1.2.0+noroms-0ubuntu2.12.10.6)
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):released (1.5.0+dfsg-3ubuntu5.3)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.7.0+dfsg-2ubuntu5)
Patches:
Upstream:http://article.gmane.org/gmane.comp.emulators.qemu/237163
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-30 21:14:35 UTC (commit 7696)