CVE-2011-1751 (retired)

Priority
Description
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management
emulation in qemu-kvm does not check if a device is hotpluggable before
unplugging the PCI-ISA bridge, which allows privileged guest users to cause
a denial of service (guest crash) and possibly execute arbitrary code by
sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads
to a use-after-free related to "active qemu timers."
Notes
 jdstrand> patch requires several other patches to be applied first
 jdstrand> adding apparmor tag since qemu-kvm is typically used with libvirt
  on Ubuntu, and is therefore confined by AppArmor
Assigned-to
jdstrand
More Information

Updated: 2019-03-26 11:56:24 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)