[Secure-testing-team] Bug#744213: CVE-2013-4544: vmxnet3: lack of data validation coming from guest
Michael Tokarev
mjt at tls.msk.ru
Fri Apr 11 13:30:59 UTC 2014
Source: qemu
Version: 1.4.0~rc0+dfsg-1exp
Severity: grave
Tags: security upstream patch jessie sid
There's a security hole reported for vmxnet3 device as emulated by qemu.
This is a vmware network device.
The vulnerability has been assigned CVE-2013-4544.
The device has been introduced in qemu version 1.4, so older debian releases
are not affected.
The impact is somewhat low still, since only guests using vmxnet3 device are
affected, which should not be many.
Upstream maintainer has a patchset for this issue:
http://thread.gmane.org/gmane.comp.emulators.qemu/265562
Thanks,
/mjt
More information about the Secure-testing-team
mailing list