Published: 21/06/2012 Updated: 13/02/2023

CVSS v2 Base Score: 7.4 | Impact Score: 10 | Exploitability Score: 4.4

VMScore: 659

Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C

The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 1.0
qemu qemu 0.12.2
qemu qemu 0.12.0
qemu qemu 1.1
qemu qemu 0.1.6
qemu qemu 0.13.0
qemu qemu 0.5.3
qemu qemu 0.4.2
qemu qemu 0.10.3
qemu qemu 0.11.0-rc1
qemu qemu 0.1.5
qemu qemu 0.5.1
qemu qemu 0.8.2
qemu qemu 0.11.0
qemu qemu 0.5.5
qemu qemu 0.10.1
qemu qemu 0.9.0
qemu qemu 0.7.2
qemu qemu 0.12.5
qemu qemu 0.1.3
qemu qemu 0.14.0
qemu qemu 0.11.1
qemu qemu 0.7.1
qemu qemu 0.9.1-5
qemu qemu 1.0.1
qemu qemu 0.15.0
qemu qemu 0.5.0
qemu qemu 0.14.1
qemu qemu 0.8.1
qemu qemu 0.11.0-rc2
qemu qemu 0.10.0
qemu qemu 0.4.1
qemu qemu 0.5.2
qemu qemu 0.12.3
qemu qemu 0.1.1
qemu qemu 0.7.0
qemu qemu 0.1.4
qemu qemu 0.9.1
qemu qemu 0.6.0
qemu qemu 0.6.1
qemu qemu 0.10.6
qemu qemu 0.11.0-rc0
qemu qemu 0.4.3
qemu qemu 0.1.2
qemu qemu 0.5.4
qemu qemu 0.12.4
qemu qemu 0.10.5
qemu qemu 0.10.4
qemu qemu 0.10.2
qemu qemu 0.12.1
qemu qemu 0.8.0
qemu qemu 0.1.0
qemu qemu 0.2.0
qemu qemu 0.3.0
qemu qemu 0.4.0

A privileged attacker within a QEMU guest could cause QEMU to crash ...

Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code For the stable distribution (squeeze), this problem has been fixed in version 0125+dfsg-5+squeeze2 For the unstable distribution ...

Blackhat USA 2011 Talks

Securelist • Kurt Baumgartner • 05 Aug 2011

Blackhat USA 2011 wraps up and the Defcon conference starts today. There is a little something for everyone in security here. Aside from the contests, networking, meeting folks in the industry and putting faces to names, I thought that the briefings had two fantastic talks. The first of the two focused on breaking out of the official virtualization platform for Ubuntu and Red Hat, Kernel Based Virtual Machine, or KVM. The second focused on the massive challenges that exist in the current SSL inf...

CVE-2011-1751

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect