CVE-2013-4377

Priority
Medium
Description
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0
through 1.6.0 allows local users to cause a denial of service (daemon
crash) by "hot-unplugging" a virtio device.
References
Bugs
Notes
sarnold> Vulnerability introduced in 1.4.0
mdeslaur> as of 2013-12-09, not yet in upstream repo
mdeslaur> v3 of patch proposed 2013-10-15:
mdeslaur> http://article.gmane.org/gmane.comp.emulators.qemu/238070
mdeslaur> v4 of patch proposed 2013-11-29:
mdeslaur> http://article.gmane.org/gmane.comp.emulators.qemu/244052
Assigned-to
mdeslaur
Package
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):released (1.5.0+dfsg-3ubuntu5.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.7.0+dfsg-2ubuntu8)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=92304bf3998cedcf3b1026a795edba7e1fd17c74 (saucy bp)
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=0b81c1ef5c677c2a07be5f8bf0dfe2c62ef52115
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=06d3dff0723c712a4b109ced4243edf49ef850af
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=f24a684073bcdaf4e9d3c592345744ba3356d9e3
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=a3fc66d9fd37acbfcee013692246a8ae42bd93bb
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=5e96f5d2f8d2696ef7d2d8d7282c18fa6023470b
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=40dfc16f5fe0afb66f9436718781264dfadb6c61
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=0e86c13fe2058adb8c792ebb7c51a6a7ca9d3d55
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=3786cff5eb384d058395a2729af627fa3253d056
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=e3c9d76acc984218264bbc6435b0c09f959ed9b8
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=baa61b9870dd7e0bb07e0ae61c6ec805db13f699
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=7bb6edb0e3dd78d74e0ac980cf6c0a07307f61bf
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=06a1307379fcd6c551185ad87679cd7ed896b9ea
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=3ffeeef735fdb52ffee2eed4fb398f3a1199728f
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=0f3657ec3664b340ae20b461a7e15dbdac129179
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=179b417e17ada41dce4e8112bea0a78a70b6162c
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=b1a20c3fcab96832c3813e9e7162748f325e0c82
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=284a32f0b33dce4e77e896168387b8dca90c4bea
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=a546fb174162b0186fe6c275476cb45e5cafa68c
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=af7671fdc530dd597b1ddb4561f5ffc0d534c44c
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=7598f0f30e027146ba70517a2bda98d16bac1e24
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=1d244b42d200c02ad60eb564c75d8adea9243366
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=59be75227d3985c9f0a9f5396fc64e357a54defb
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=75884afd5c6c42e523b08565e289dbe319e17ad9
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=863462440d646098d2b83fb0ffa5f165e7f90511
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=e6f746b380ad04246e5cce621f174355f39addcd
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=74def47c8c1453a48f9bd61633050cc681e67fba
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=a8d57dfb28bd8fd8ebddf08d0cfafdcb61a764fb
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=71a6520b83414b4ebe3ecfdee3dc3a70db98c91f
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=0ba94b6f94a5b0bed9f125ce4c3348adc83db5de
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=306ec6c3cece7004429c79c1ac93d49919f1f1cc
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=83d0704734955bf1aa7697af7be2a50e11a80a42 (regression)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-30 21:14:36 UTC (commit 7696)