Описание
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
Отчет
This issue does not affect the kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does affect the qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2013:1553 | 20.11.2013 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | qemu-kvm-rhev | Fixed | RHSA-2013:1754 | 21.11.2013 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | rhev-hypervisor6 | Fixed | RHSA-2013:1527 | 21.11.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, wh ...
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
ELSA-2013-1553: qemu-kvm security, bug fix, and enhancement update (IMPORTANT)
EPSS
4 Medium
CVSS2