CVE-2013-1922
EPSS 0.08%
Description
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
How to fix CVE-2013-1922
To remediate CVE-2013-1922, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 1.5.0+dfsg-1 or later
Is CVE-2013-1922 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.5.0+dfsg-1