Bugzilla – Bug 964452
VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration
Last modified: 2021-01-21 18:27:42 UTC
+++ This bug was initially created as a clone of Bug #864811 +++ CVE-2013-4534 opp->nb_cpus is read from the wire and used to determine how many IRQDest elements to read into opp->dst[]. If the value exceeds the length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary data from the wire. An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4534 https://bugzilla.redhat.com/show_bug.cgi?id=1066405
bugbot adjusting priority
This bug may be included in one or more of the submissions listed below. SUSE:SLE-12-SP1:Update: 98638 SUSE:SLE-12:Update: 98642 SUSE:SLE-11-SP4:Update: 98646 SUSE:SLE-11-SP3:Update: 98650 SUSE:SLE-11-SP2:Update: 98654 SUSE:SLE-11-SP1:Update:Teradata: 98658 SUSE:SLE-11-SP1:Update: 98662 SUSE:SLE-10-SP4:Update:Test: 98666 SUSE:SLE-10-SP3:Update:Test: 98670 openSUSE:Factory: 362063 openSUSE:Leap:42.1:Update: 362057 openSUSE:13.2:Update: 362060
openSUSE-SU-2016:0995-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 944463,944697,945989,956829,960334,960707,960725,960835,960861,960862,961332,961358,961691,962335,962360,962611,962627,962632,962642,962758,963782,964413,964431,964452,964644,964925,964929,964950,965156,965315,965317,967012,967969 CVE References: CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5239,CVE-2015-5278,CVE-2015-6815,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2392,CVE-2016-2538 Sources used: openSUSE 13.2 (src): xen-4.4.4_02-43.1
SUSE-SU-2016:1318-1: An update that solves 45 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 954872,956832,957988,958007,958009,958493,958523,958918,959006,959387,959695,960707,960726,960836,960861,960862,961332,961358,961692,962321,962335,962360,962611,962627,962632,962642,962758,963783,963923,964415,964431,964452,964644,964746,964925,964929,964947,964950,965112,965156,965269,965315,965317,967090,967101,968004,969125,969126 CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.4_02-22.19.1 SUSE Linux Enterprise Server 12 (src): xen-4.4.4_02-22.19.1 SUSE Linux Enterprise Desktop 12 (src): xen-4.4.4_02-22.19.1
Please disregard Update for SUSE:SLE-12-SP1:Update was handled in SUSE:Maintenance:2142 No update was released for SLE 12 SP1, was not affected