Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-4344 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the kvm and xen packages as shipped with Red Hat Enterprise Linux 5.
This issue does affect the qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw.
| Base Score | 4 |
|---|---|
| Base Metrics | AV:A/AC:H/Au:S/C:P/I:P/A:P |
| Access Vector | Adjacent Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| RHEV Agents (vdsm) (qemu-kvm-rhev) | RHSA-2013:1754 | 2013-11-21 |
| Red Hat Enterprise Linux 6 (qemu-kvm) | RHSA-2013:1553 | 2013-11-20 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2013:1527 | 2013-11-21 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected |
| Red Hat Enterprise Linux 5 | xen | Not affected |
| Red Hat Enterprise Linux 5 | kvm | Not affected |
Vulmon