CVE-2013-4344

EPSS 0.07%

qemu-kvm - security update

Published: 10/4/2013Modified: 4/28/2026

Description

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Affected packages (4)

Debian/qemufrom 0, < 1.6.0+dfsg-2
Debian/qemufrom 0, < 1.1.2+dfsg-6a+deb7u3
Debian/qemu-kvmfrom 0, < 1.1.2+dfsg-6+deb7u3
Debian/xenfrom 0, < 4.2-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4344