CVE-2013-4377
Published: 11 October 2013
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
Notes
Author | Note |
---|---|
seth-arnold | Vulnerability introduced in 1.4.0 |
mdeslaur | as of 2013-12-09, not yet in upstream repo v3 of patch proposed 2013-10-15: http://article.gmane.org/gmane.comp.emulators.qemu/238070 v4 of patch proposed 2013-11-29: http://article.gmane.org/gmane.comp.emulators.qemu/244052 |