CVE-2013-1922
The MITRE CVE dictionary describes this issue as:
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
Find out more about CVE-2013-1922 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Not vulnerable.
This issue does not affect versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect versions of qemu-kvm packages as shipped with Red Hat Enterprise Linux 5 and 6.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4.7 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:C/I:N/A:N |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 2.1 | openstack-nova | Will not fix |
| Red Hat OpenStack Platform 2.0 | openstack-nova | Will not fix |
| Red Hat OpenStack Platform 2.0 | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected |
| Red Hat Enterprise Linux 5 | kvm | Not affected |
| RHOS Essex Release | openstack-nova | Will not fix |
Acknowledgements
This issue was found by Daniel Berrange of Red Hat.CVE description copyright © 2017, The MITRE Corporation