CVE-2013-4537

Published: 20 February 2014

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	saucy	Ignored (end of life)
	trusty	Released (2.0.0+dfsg-2ubuntu1.3)
	upstream	Needed
	Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a9c380db3b8c6af19546a68145c8d1438a09c92b
qemu-kvm Launchpad, Ubuntu, Debian	lucid	Released (0.12.3+noroms-0ubuntu9.24)
	precise	Released (1.0+noroms-0ubuntu14.17)
	quantal	Ignored (end of life)
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needed

References

http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00409.html
https://ubuntu.com/security/notices/USN-2342-1
https://www.cve.org/CVERecord?id=CVE-2013-4537
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›