A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-12-30T21:47:07
Updated: 2024-08-06T15:20:37.490Z
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-2016
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-30T22:15:11.387
Modified: 2024-11-21T01:50:52.110
Link: CVE-2013-2016
Redhat