Multiple vulnerabilities in QEMU



Published: 2018-07-27 | Updated: 2020-07-17
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2013-4535
CVE-2017-2633
CWE-ID CWE-20
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
QEMU
Client/Desktop applications / Virtualization software

Vendor QEMU

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU30371

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-4535

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QEMU: 1.7.0 - 1.7.1

External links

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
http://rhn.redhat.com/errata/RHSA-2014-0743.html
http://rhn.redhat.com/errata/RHSA-2014-0744.html
http://bugzilla.redhat.com/show_bug.cgi?id=1066401


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU31252

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2633

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface' function. A user inside a guest could use this flaw to crash the QEMU process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QEMU: 1.7.0 - 1.7.1

External links

http://www.openwall.com/lists/oss-security/2017/02/23/1
http://www.securityfocus.com/bid/96417
http://access.redhat.com/errata/RHSA-2017:1205
http://access.redhat.com/errata/RHSA-2017:1206
http://access.redhat.com/errata/RHSA-2017:1441
http://access.redhat.com/errata/RHSA-2017:1856
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
