CVE-2013-1922
Xen 4.2.x - Arbitrary File Read via qemu-nbd Disk Image Header
Title source: llmDescription
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028426
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55082
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201309-24.xml
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/16/2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/15/3
Scores
EPSS
0.0008
EPSS Percentile
23.2%
Details
CWE
CWE-264
Status
published
Products (3)
xen/xen
4.2.0
xen/xen
4.2.1
xen/xen
4.2.2
Published
May 13, 2013
Tracked Since
Feb 18, 2026