CVE-2013-4536
HIGHqemu < 1.5.3 - Privilege Escalation via SaveVM Data Corruption
Title source: llmDescription
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
References (2)
Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1066401
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210727-0002/
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
qemu/qemu
< 1.5.3
Published
May 28, 2021
Tracked Since
Feb 18, 2026