CVE-2013-4377
Publication date 11 October 2013
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
Status
Package | Ubuntu Release | Status |
---|---|---|
qemu | ||
qemu-kvm | ||
Notes
seth-arnold
Vulnerability introduced in 1.4.0
mdeslaur
as of 2013-12-09, not yet in upstream repo v3 of patch proposed 2013-10-15: http://article.gmane.org/gmane.comp.emulators.qemu/238070 v4 of patch proposed 2013-11-29: http://article.gmane.org/gmane.comp.emulators.qemu/244052
Patch details
References
Related Ubuntu Security Notices (USN)
- USN-2092-1
- QEMU vulnerabilities
- 30 January 2014