CVE-2013-1922

Priority
Description
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk
image based on the header, which allows local guest OS administrators to
read arbitrary files on the host by modifying the header to identify a
different format, which is used when the guest is restarted, a different
vulnerability than CVE-2008-2004.
Notes
jdstrand> attack is: privileged attacker in the guest that uses a raw image
writes data to beginning of device. Later, someone on the host uses qemu-nbd
on the attacker-modified image. When the guest is rebooted, the attacker may
have access to other files.
On Ubuntu, the preferred virtualization management technology is
libvirt. As of USN-1008-1, libvirt does not probe the disk format, which
reduces this attack to a denial of service for the guest (i.e., the
attacker-modified image is not usable on reboot).
TODO: review use in nova
mdeslaur> patch just introduced new --format option. Default behaviour is
still to autodetect. Adding this new option doesn't fix the
issue by itself, so marking as "low"
We will not be fixing this issue in Ubuntu 12.04 LTS.
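An added example, not code from QEMU or from this tracker: a simplified host-side audit that flags images declared as raw whose first bytes a header-based probe would recognise as another format, the condition the description and notes above turn on. The magic table is a subset and an approximation of real probing; the image names and sample headers are constructed.

```python
import struct

# Leading magic bytes a header-based probe may recognise (subset, assumption).
MAGICS = {
    b"QFI\xfb": "qcow",   # qcow family; the version field selects qcow or qcow2
    b"KDMV": "vmdk",
    b"QED\x00": "qed",
    b"vhdxfile": "vhdx",
}

def probe_format(header: bytes) -> str:
    """Return the format a header probe would pick, or 'raw' if nothing matches."""
    for magic, name in MAGICS.items():
        if not header.startswith(magic):
            continue
        if name != "qcow":
            return name
        if len(header) < 8:
            return "raw"  # truncated header: no version field to read
        (version,) = struct.unpack(">I", header[4:8])
        return {1: "qcow", 2: "qcow2", 3: "qcow2"}.get(version, "raw")
    return "raw"

def read_header(path, size=512):
    """Read the first bytes of an image file on the host."""
    with open(path, "rb") as fh:
        return fh.read(size)

def audit(inventory):
    """inventory: iterable of (name, declared_format, header_bytes).
    Returns (name, probed_format) for raw-declared images that probe as non-raw."""
    findings = []
    for name, declared, header in inventory:
        probed = probe_format(header)
        if declared == "raw" and probed != "raw":
            findings.append((name, probed))
    return findings

# Constructed sample headers (not taken from any real image).
SAMPLE = [
    ("guest-a.img", "raw", b"\x00" * 510 + b"\x55\xaa"),
    ("guest-b.img", "raw", b"QFI\xfb" + struct.pack(">I", 2) + b"\x00" * 504),
    ("guest-c.qcow2", "qcow2", b"QFI\xfb" + struct.pack(">I", 3) + b"\x00" * 504),
    ("guest-d.img", "raw", b"QFI\xfb\x00"),
]

if __name__ == "__main__":
    for name, probed in audit(SAMPLE):
        print(f"{name}: declared raw, header probes as {probed}; open with an explicit format")
```

An image flagged this way should only be opened with its format stated explicitly (the `--format` option mentioned in the notes), never by autodetection.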
Package
Source: qemu (LP Ubuntu Debian)
Upstream: needed
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (1.5.0+dfsg-3ubuntu2)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.5.0+dfsg-3ubuntu2)
Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e6b636779b51c97e67694be740ee972c52460c59
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e6b636779b51c97e67694be740ee972c52460c59
Updated: 2020-01-29 19:46:45 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)