CVE-2013-4377

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by “hot-unplugging” a virtio device.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
qemu	13.10 saucy	Fixed 1.5.0+dfsg-3ubuntu5.3
	13.04 raring	Ignored end of life
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
qemu-kvm	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

Notes

as of 2013-12-09, not yet in upstream repo v3 of patch proposed 2013-10-15: http://article.gmane.org/gmane.comp.emulators.qemu/238070 v4 of patch proposed 2013-11-29: http://article.gmane.org/gmane.comp.emulators.qemu/244052

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=92304bf3998cedcf3b1026a795edba7e1fd17c74 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0b81c1ef5c677c2a07be5f8bf0dfe2c62ef52115 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=06d3dff0723c712a4b109ced4243edf49ef850af Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=f24a684073bcdaf4e9d3c592345744ba3356d9e3 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a3fc66d9fd37acbfcee013692246a8ae42bd93bb Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=5e96f5d2f8d2696ef7d2d8d7282c18fa6023470b Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=40dfc16f5fe0afb66f9436718781264dfadb6c61 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0e86c13fe2058adb8c792ebb7c51a6a7ca9d3d55 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3786cff5eb384d058395a2729af627fa3253d056 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e3c9d76acc984218264bbc6435b0c09f959ed9b8 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=baa61b9870dd7e0bb07e0ae61c6ec805db13f699 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7bb6edb0e3dd78d74e0ac980cf6c0a07307f61bf Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=06a1307379fcd6c551185ad87679cd7ed896b9ea Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3ffeeef735fdb52ffee2eed4fb398f3a1199728f Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0f3657ec3664b340ae20b461a7e15dbdac129179 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=179b417e17ada41dce4e8112bea0a78a70b6162c Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=b1a20c3fcab96832c3813e9e7162748f325e0c82 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=284a32f0b33dce4e77e896168387b8dca90c4bea Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a546fb174162b0186fe6c275476cb45e5cafa68c Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=af7671fdc530dd597b1ddb4561f5ffc0d534c44c Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7598f0f30e027146ba70517a2bda98d16bac1e24 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=1d244b42d200c02ad60eb564c75d8adea9243366 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=59be75227d3985c9f0a9f5396fc64e357a54defb Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=75884afd5c6c42e523b08565e289dbe319e17ad9 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=863462440d646098d2b83fb0ffa5f165e7f90511 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e6f746b380ad04246e5cce621f174355f39addcd Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=74def47c8c1453a48f9bd61633050cc681e67fba Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a8d57dfb28bd8fd8ebddf08d0cfafdcb61a764fb Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=71a6520b83414b4ebe3ecfdee3dc3a70db98c91f Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0ba94b6f94a5b0bed9f125ce4c3348adc83db5de Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=306ec6c3cece7004429c79c1ac93d49919f1f1cc Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=83d0704734955bf1aa7697af7be2a50e11a80a42

Package

Patch details

qemu

References

Related Ubuntu Security Notices (USN)

USN-2092-1
QEMU vulnerabilities
30 January 2014

Status

Notes

seth-arnold

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references