CVE-2013-4536
CVE-2013-4536
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Affected products
n/a · qemuWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →