A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-12-30T21:47:07

Updated: 2024-08-06T15:20:37.490Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2016

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-30T22:15:11.387

Modified: 2024-11-21T01:50:52.110

Link: CVE-2013-2016

cve-icon Redhat

Severity : Important

Publid Date: 2013-04-25T00:00:00Z

Links: CVE-2013-2016 - Bugzilla