CVE-2013-1922

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1922 at MITRE

Description

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 3.32
Vector AV:L/AC:M/Au:N/C:P/I:P/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entries: 814059 [RESOLVED / FIXED], 934753 [RESOLVED / FIXED], 934768 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • xen >= 4.2.3_08-0.7.1
  • xen-doc-html >= 4.2.3_08-0.7.1
  • xen-doc-pdf >= 4.2.3_08-0.7.1
  • xen-kmp-default >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-kmp-pae >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-libs >= 4.2.3_08-0.7.1
  • xen-libs-32bit >= 4.2.3_08-0.7.1
  • xen-tools >= 4.2.3_08-0.7.1
  • xen-tools-domU >= 4.2.3_08-0.7.1
Patchnames:
sledsp3-xen-201311
SUSE Linux Enterprise Server 11 SP3
  • xen >= 4.2.3_08-0.7.1
  • xen-doc-html >= 4.2.3_08-0.7.1
  • xen-doc-pdf >= 4.2.3_08-0.7.1
  • xen-kmp-default >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-kmp-pae >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-libs >= 4.2.3_08-0.7.1
  • xen-libs-32bit >= 4.2.3_08-0.7.1
  • xen-tools >= 4.2.3_08-0.7.1
  • xen-tools-domU >= 4.2.3_08-0.7.1
Patchnames:
slessp3-xen-201311
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xen-devel >= 4.2.3_08-0.7.1
Patchnames:
sdksp3-xen-201311
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xen-devel >= 4.2.3_08-0.7.1
Builds
SAT Patch Nr: 8588
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
  • xen-kmp-default >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-kmp-pae >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-libs >= 4.2.3_08-0.7.1
  • xen-tools-domU >= 4.2.3_08-0.7.1
Builds
SAT Patch Nr: 8588
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
  • xen >= 4.2.3_08-0.7.1
  • xen-doc-html >= 4.2.3_08-0.7.1
  • xen-doc-pdf >= 4.2.3_08-0.7.1
  • xen-kmp-default >= 4.2.3_08_3.0.101_0.8-0.7.1
  • xen-libs >= 4.2.3_08-0.7.1
  • xen-libs-32bit >= 4.2.3_08-0.7.1
  • xen-tools >= 4.2.3_08-0.7.1
  • xen-tools-domU >= 4.2.3_08-0.7.1
Builds
SAT Patch Nr: 8588
openSUSE 12.3
  • xen >= 4.2.2_06-1.16.1
  • xen-debugsource >= 4.2.2_06-1.16.1
  • xen-devel >= 4.2.2_06-1.16.1
  • xen-doc-html >= 4.2.2_06-1.16.1
  • xen-doc-pdf >= 4.2.2_06-1.16.1
  • xen-kmp-default >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-default-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-desktop >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-desktop-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-pae >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-kmp-pae-debuginfo >= 4.2.2_06_k3.7.10_1.16-1.16.1
  • xen-libs >= 4.2.2_06-1.16.1
  • xen-libs-32bit >= 4.2.2_06-1.16.1
  • xen-libs-debuginfo >= 4.2.2_06-1.16.1
  • xen-libs-debuginfo-32bit >= 4.2.2_06-1.16.1
  • xen-tools >= 4.2.2_06-1.16.1
  • xen-tools-debuginfo >= 4.2.2_06-1.16.1
  • xen-tools-domU >= 4.2.2_06-1.16.1
  • xen-tools-domU-debuginfo >= 4.2.2_06-1.16.1
Patchnames:
openSUSE-2013-677