CVE-2011-1751

Priority
Medium
Description
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management
emulation in qemu-kvm does not check if a device is hotpluggable before
unplugging the PCI-ISA bridge, which allows privileged guest users to cause
a denial of service (guest crash) and possibly execute arbitrary code by
sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads
to a use-after-free related to "active qemu timers."
References
Bugs
Notes
 jdstrand> patch requires several other patches to be applied first
 jdstrand> adding apparmor tag since qemu-kvm is typically used with libvirt
  on Ubuntu, and is therefore confined by AppArmor
Assigned-to
jdstrand
Package
Upstream:needs-triage
Patches:
Patch:http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html
Vendor:http://www.debian.org/security/2011/dsa-2241
Vendor:https://rhn.redhat.com/errata/RHSA-2011-0534.html
More Information

Updated: 2017-12-15 20:29:19 UTC (commit 13913)