CVE-2013-1922 (retired)

Priority
Description
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk
image based on the header, which allows local guest OS administrators to
read arbitrary files on the host by modifying the header to identify a
different format, which is used when the guest is restarted, a different
vulnerability than CVE-2008-2004.
Notes
 jdstrand> attack is: privileged attacker in the guest that uses a raw image
  writes data to beginning of device. Later, someone on the host uses qemu-nbd
  on the attacker-modified image. When the guest is rebooted, the attacker may
  have access to other files.
 jdstrand> On Ubuntu, the preferred virtualization management technology is
  libvirt. As of USN-1008-1, libvirt does not probe the disk format, which
  reduces this attack to a denial of server for the guest (ie, the
  attacker-modified image is not usable on reboot).
 jdstrand> TODO: review use in nova
 mdeslaur> patch just introduced new --format option. Default behaviour is
 mdeslaur> still to autodetect. Adding this new option doesn't fix the
 mdeslaur> issue by itself, so marking as "low"
 mdeslaur> We will not be fixing this issue in Ubuntu 12.04 LTS.
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.5.0+dfsg-3ubuntu2)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=e6b636779b51c97e67694be740ee972c52460c59
Package
Upstream:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=e6b636779b51c97e67694be740ee972c52460c59
More Information

Updated: 2019-09-19 15:44:09 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)