Remote Code Execution Vulnerability in QEMU by QEMU
CVE-2013-4535

8.8HIGH

Key Information:

Vendor

Qemu
Status
Qemu
Vendor
CVE Published:
11 February 2020

What is CVE-2013-4535?

A vulnerability in the virtqueue_map_sg function within QEMU allows remote attackers to execute arbitrary files on affected systems. This is achieved through a maliciously crafted savevm image that exploits the underlying architecture of virtio-block or virtio-serial read operations. Systems running versions of QEMU prior to 1.7.2 are particularly at risk, necessitating immediate attention to security measures to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QEMU before 1.7.2

References

http://lists.nongnu.org/archive/html/qemu-stable/2014-07/...
x_refsource_MISC
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a...
x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.