CVE-2013-4344
UnknownEPSS 0.43%
Last modified
CVE-2013-4344 is a vulnerability of currently unknown severity. Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | <= 1.6.2 |
| Opensuse | Opensuse | 12.3 |
| Opensuse | Opensuse | 13.1 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Virtualization | 3.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 12.10 |
| Canonical | Ubuntu Linux | 13.10 |
References
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.htmlMailing List, Third Party Advisory
- http://osvdb.org/98028Broken Link
- http://rhn.redhat.com/errata/RHSA-2013-1553.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1754.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/10/02/2Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/62773Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2092-1Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.htmlMailing List, Third Party Advisory
- http://osvdb.org/98028Broken Link
- http://rhn.redhat.com/errata/RHSA-2013-1553.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1754.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/10/02/2Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/62773Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2092-1Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-4344?
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
How severe is CVE-2013-4344?
Severity scoring for CVE-2013-4344 is pending analysis. The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.
How do I fix CVE-2013-4344?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2013-4344?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST