CVE-2013-1922

Severity

32%

Complexity

34%

Confidentiality

81%

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

Xen

First reported 12 years ago

2013-05-13 23:55:00

Last updated 11 years ago

2013-12-01 04:27:00

Affected Software

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

Xen 4.2.2

4.2.2

References

FEDORA-2013-6185

FEDORA-2013-6221

FEDORA-2013-6211

55082

GLSA-201309-24

[oss-security] 20130415 Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification

[oss-security] 20130416 CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability

1028426

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.