CVE-2019-13164

Published: Jul 3, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html

x_refsource_MISC

[oss-security] 20190703 CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names

mailing-list

x_refsource_MLIST

http://www.openwall.com/lists/oss-security/2019/07/02/2

x_refsource_MISC

109054

vdb-entry

x_refsource_BID

20190825 [SECURITY] [DSA 4506-1] qemu security update

mailing-list

x_refsource_BUGTRAQ

DSA-4506

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2019:2041

vendor-advisory

x_refsource_SUSE

DSA-4512

vendor-advisory

x_refsource_DEBIAN

20190902 [SECURITY] [DSA 4512-1] qemu security update

mailing-list

x_refsource_BUGTRAQ

openSUSE-SU-2019:2059

vendor-advisory

x_refsource_SUSE

[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update

mailing-list

x_refsource_MLIST

USN-4191-2

vendor-advisory

x_refsource_UBUNTU

USN-4191-1

vendor-advisory

x_refsource_UBUNTU

GLSA-202003-66

vendor-advisory

x_refsource_GENTOO

https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-13164

Description

Affected Products

References