Summary: | app-emulation/xen: Privilege escalation (CVE-2013-4344) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | major | CC: | idella4, xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2013-10-24 00:26:30 UTC
qemu contains a possible buffer overflow .............. .................

Xen systems do not use the qemu SCSI code by default.

VULNERABLE SYSTEMS
==================

Only Xen systems whose administrators have deliberately configured HVM guests to have emulated SCSI controllers, and where those guests are provided with more than 256 devices, are vulnerable. We are not aware of any such systems.

So what is it we have here? A white elephant or is it a red herring? To my understanding this reads as a qemu security issue. xen uses qemu which was qemu-kvm which is again qemu I think... and then it has the options qemu-xen vs. qemu-xen-traditional.

http://xenbits.xen.org/xsa/advisory-65.html lists NO PATCH.

Confirmed by Maintainer: bug in qemu, NO patch for xen (no action for us)

Closing Invalid.