CVE-2011-1751

Name of the Vulnerable Software and Affected Versions qemu-kvm (affected versions not specified)

Description The issue is related to the pciej write function in the PIIX4 Power Management emulation, which does not properly check if a device is hotpluggable before unplugging the PCI-ISA bridge. This allows privileged guest users to potentially cause a denial of service, leading to a guest crash, and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI EJ BASE) I/O port. The issue is related to a use-after-free problem concerning "active qemu timers."

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.