VYPR
Unrated severityNVD Advisory· Published Dec 30, 2019· Updated Aug 6, 2024

CVE-2013-2016

CVE-2013-2016

Description

A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • QEMU/Qemullm-fuzzy
    Range: >=1.3.0
  • qemu/qemu (virtio-rng)v5
    Range: v1.3.0 and later

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.