CVE-2013-4542
Published: 20 February 2014
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
qemu Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Released
(2.0.0+dfsg-2ubuntu1.3)
|
|
| upstream |
Needed
|
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3c3ce981423e0d6c18af82ee62f1850c2cda5976 |
||
|
qemu-kvm Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code not present)
|
| precise |
Not vulnerable
(code not present)
|
|
| quantal |
Ignored
(end of life)
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needed
|
|