CVE-2013-4377

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

CVSS v2.0 2.3 LOW

2.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:S/C:N/I:N/A:P

Exploitability : 4.4 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html	Patch
http://secunia.com/advisories/55015	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/09/26/5
http://www.ubuntu.com/usn/USN-2092-1
https://bugzilla.redhat.com/show_bug.cgi?id=1012633
http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html	Patch
http://secunia.com/advisories/55015	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/09/26/5
http://www.ubuntu.com/usn/USN-2092-1
https://bugzilla.redhat.com/show_bug.cgi?id=1012633

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qemu:qemu:1.4.0:::::::*
	cpe:2.3:a:qemu:qemu:1.4.1:::::::*
	cpe:2.3:a:qemu:qemu:1.4.2:::::::*
	cpe:2.3:a:qemu:qemu:1.5.0:::::::*
	cpe:2.3:a:qemu:qemu:1.5.0:rc1::::::
	cpe:2.3:a:qemu:qemu:1.5.0:rc2::::::
	cpe:2.3:a:qemu:qemu:1.5.0:rc3::::::
	cpe:2.3:a:qemu:qemu:1.5.1:::::::*
	cpe:2.3:a:qemu:qemu:1.5.2:::::::*
	cpe:2.3:a:qemu:qemu:1.5.3:::::::*
	cpe:2.3:a:qemu:qemu:1.6.0:::::::*
	cpe:2.3:a:qemu:qemu:1.6.0:rc1::::::
	cpe:2.3:a:qemu:qemu:1.6.0:rc2::::::
	cpe:2.3:a:qemu:qemu:1.6.0:rc3::::::

History

21 Nov 2024, 01:55

Type	Values Removed	Values Added
References	~~() http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html - Patch~~	() http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html - Patch
References	~~() http://secunia.com/advisories/55015 - Vendor Advisory~~	() http://secunia.com/advisories/55015 - Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2013/09/26/5 -~~	() http://www.openwall.com/lists/oss-security/2013/09/26/5 -
References	~~() http://www.ubuntu.com/usn/USN-2092-1 -~~	() http://www.ubuntu.com/usn/USN-2092-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1012633 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1012633 -

Information

Published : 2013-10-11 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-4377

Mitre link : CVE-2013-4377

CVE.ORG link : CVE-2013-4377

JSON object : View

Products Affected

qemu

qemu

CWE

CWE-399

Resource Management Errors

2.3 /10