1. CVE-Search
  2. CVE-2013-4377
ID CVE-2013-4377
Summary Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*
CVSS
Base: 2.3 (as of 06-03-2014 - 04:47)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:A/AC:M/Au:S/C:N/I:N/A:P
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1012633
mlist
  • [Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback
  • [oss-security] 20130926 Re: CVE request: qemu host crash from within guest
secunia 55015
ubuntu USN-2092-1
Last major update 06-03-2014 - 04:47
Published 11-10-2013 - 22:55
Last modified 06-03-2014 - 04:47
Back to Top