CVE-2013-4531

Published: 20 February 2014

Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored (end of life)
	trusty	Released (2.0.0+dfsg-2ubuntu1.3)
	upstream	Needed
	Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=24a370ef2351dc596a7e47508b952ddfba79ef94 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62
qemu-kvm Launchpad, Ubuntu, Debian	lucid	Released (0.12.3+noroms-0ubuntu9.24)
	precise	Released (1.0+noroms-0ubuntu14.17)
	quantal	Ignored (end of life)
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needed

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›