Vulnerability CVE-2013-2016

Vulnerability Name:

CVE-2013-2016 (CCN-83850)

Assigned:

2013-04-29

Published:

2013-04-29

Updated:

2020-08-18

Summary:

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-269

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2013-2016

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html

Source: CCN
Type: QEMU Web site
QEMU

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/04/29/5

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/04/29/6

Source: CCN
Type: BID-59541
QEMU CVE-2013-2016 Out of Bounds Local Privilege Escalation Vulnerability

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/59541

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/cve-2013-2016

Source: CCN
Type: Red Hat Bugzilla Bug 957155
CVE-2013-2016 qemu: virtio: out-of-bounds config space access

Source: MISC
Type: Exploit, Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016

Source: MISC
Type: Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/83850

Source: XF
Type: UNKNOWN
qemu-cve20132016-priv-esc(83850)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d

Source: MISC
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2013-2016

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-2016

Vulnerable Configuration:

Configuration 1:

cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version >= 1.3.0 and <= 1.4.2)

OR cpe:/a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:novell:open_desktop_server:11.0:sp3:*:*:*:linux_kernel:*:*

OR cpe:/a:novell:open_enterprise_server:11.0:sp3:*:*:*:linux_kernel:*:*

Configuration CCN 1:

cpe:/a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20132016	V	CVE-2013-2016	2022-05-20
oval:org.opensuse.security:def:32244	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31720	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:42575	P	kvm-1.4.2-30.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36168	P	kvm-1.4.2-30.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26059	P	Security update for postgresql12 (Moderate)	2021-05-27
oval:org.opensuse.security:def:32088	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:33092	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:31635	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:32001	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:26347	P	Security update for jq (Low)	2020-12-01
oval:org.opensuse.security:def:31944	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:25729	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:26435	P	Security update for znc (Low)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26493	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:32300	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27166	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:26294	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:31852	P	Recommended udpate for SUSE Manager Client Tools (Low)	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:32454	P	Security update for xorg-x11-libICE (Moderate)	2020-12-01
oval:org.opensuse.security:def:26396	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:33131	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26449	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27131	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32349	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:25717	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32410	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.mitre.oval:def:25403	P	SUSE-SU-2014:0623-1 -- Security update for kvm	2014-09-08
oval:com.ubuntu.precise:def:20132016000	V	CVE-2013-2016 on Ubuntu 12.04 LTS (precise) - low.	2013-04-30

BACK