CVE-2013-2016

Priority
Description
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates
addresses when guest accesses the config space of a virtio device. If the
virtio device has zero/small sized config space, such as virtio-rng, a
privileged guest user could use this flaw to access the matching host's
qemu address space and thus increase their privileges on the host.
Notes
mdeslaurintroduced in 1.3.0+
low because of mmap_min_addr
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needed
Package
Source: qemu (LP Ubuntu Debian)
Upstream:released (1.5.0)
Package
Upstream:not-affected
Package
Upstream:not-affected
Package
Upstream:not-affected
More Information

Updated: 2020-09-10 02:37:06 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)