PT-2013-4982 · Qemu · Qemu

Sibiao Luo

Published

2013-10-11

Updated

2014-03-06

CVE-2013-4377

CVSS v2.0

2.3

Low

Vector

AV:A/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Qemu versions 1.4.0 through 1.6.0

Description A use-after-free issue in the virtio-pci implementation allows local users to cause a denial of service by "hot-unplugging" a virtio device, resulting in a daemon crash.

Recommendations For Qemu versions 1.4.0 through 1.6.0, consider disabling the hot-unplug feature for virtio devices until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2013-4377

MGASA-2014-0060

Affected Products

Qemu

PT-2013-4982 · Qemu · Qemu

CVE-2013-4377

Weakness Enumeration

Related Identifiers

Affected Products

References · 14