962642 – VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load

Bug 962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load

Summary: VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/96387/
Whiteboard:	CVSSv2:SUSE:CVE-2013-4537:3.7:(AV:L/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-01-19 16:47 UTC by Johannes Segitz
Modified:	2021-01-21 18:27 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-01-19 16:47:33 UTC

+++ This bug was initially created as a clone of Bug #864391 +++

CVE-2013-4537

s->arglen is taken from wire and used as idx in ssi_sd_transfer().

An user able to alter the savevm data (either on the disk or over the wire
during migration) could use this flaw to to corrupt QEMU process memory on
the (destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.



References:
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00409.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4537
https://bugzilla.redhat.com/show_bug.cgi?id=1066394

Comment 2 Swamp Workflow Management 2016-01-19 23:01:02 UTC

bugbot adjusting priority

Comment 3 Charles Arnold 2016-02-27 00:43:44 UTC

This bug may be included in one or more of the
submissions listed below.

SUSE:SLE-12-SP1:Update: 98638
SUSE:SLE-12:Update: 98642
SUSE:SLE-11-SP4:Update: 98646
SUSE:SLE-11-SP3:Update: 98650
SUSE:SLE-11-SP2:Update: 98654
SUSE:SLE-11-SP1:Update:Teradata: 98658
SUSE:SLE-11-SP1:Update: 98662
SUSE:SLE-10-SP4:Update:Test: 98666
SUSE:SLE-10-SP3:Update:Test: 98670

openSUSE:Factory: 362063
openSUSE:Leap:42.1:Update: 362057
openSUSE:13.2:Update: 362060

Comment 4 Swamp Workflow Management 2016-04-08 17:13:31 UTC

openSUSE-SU-2016:0995-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 944463,944697,945989,956829,960334,960707,960725,960835,960861,960862,961332,961358,961691,962335,962360,962611,962627,962632,962642,962758,963782,964413,964431,964452,964644,964925,964929,964950,965156,965315,965317,967012,967969
CVE References: CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5239,CVE-2015-5278,CVE-2015-6815,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2392,CVE-2016-2538
Sources used:
openSUSE 13.2 (src):    xen-4.4.4_02-43.1

Comment 5 Swamp Workflow Management 2016-05-17 16:11:48 UTC

SUSE-SU-2016:1318-1: An update that solves 45 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 954872,956832,957988,958007,958009,958493,958523,958918,959006,959387,959695,960707,960726,960836,960861,960862,961332,961358,961692,962321,962335,962360,962611,962627,962632,962642,962758,963783,963923,964415,964431,964452,964644,964746,964925,964929,964947,964950,965112,965156,965269,965315,965317,967090,967101,968004,969125,969126
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    xen-4.4.4_02-22.19.1
SUSE Linux Enterprise Server 12 (src):    xen-4.4.4_02-22.19.1
SUSE Linux Enterprise Desktop 12 (src):    xen-4.4.4_02-22.19.1