The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qemu qemu 1.0 |
||
qemu qemu 0.12.2 |
||
qemu qemu 0.12.0 |
||
qemu qemu 1.1 |
||
qemu qemu 0.1.6 |
||
qemu qemu 0.13.0 |
||
qemu qemu 0.5.3 |
||
qemu qemu 0.4.2 |
||
qemu qemu 0.10.3 |
||
qemu qemu 0.11.0-rc1 |
||
qemu qemu 0.1.5 |
||
qemu qemu 0.5.1 |
||
qemu qemu 0.8.2 |
||
qemu qemu 0.11.0 |
||
qemu qemu 0.5.5 |
||
qemu qemu 0.10.1 |
||
qemu qemu 0.9.0 |
||
qemu qemu 0.7.2 |
||
qemu qemu 0.12.5 |
||
qemu qemu 0.1.3 |
||
qemu qemu 0.14.0 |
||
qemu qemu 0.11.1 |
||
qemu qemu 0.7.1 |
||
qemu qemu 0.9.1-5 |
||
qemu qemu 1.0.1 |
||
qemu qemu 0.15.0 |
||
qemu qemu 0.5.0 |
||
qemu qemu 0.14.1 |
||
qemu qemu 0.8.1 |
||
qemu qemu 0.11.0-rc2 |
||
qemu qemu 0.10.0 |
||
qemu qemu 0.4.1 |
||
qemu qemu 0.5.2 |
||
qemu qemu 0.12.3 |
||
qemu qemu 0.1.1 |
||
qemu qemu 0.7.0 |
||
qemu qemu 0.1.4 |
||
qemu qemu 0.9.1 |
||
qemu qemu 0.6.0 |
||
qemu qemu 0.6.1 |
||
qemu qemu 0.10.6 |
||
qemu qemu 0.11.0-rc0 |
||
qemu qemu 0.4.3 |
||
qemu qemu 0.1.2 |
||
qemu qemu 0.5.4 |
||
qemu qemu 0.12.4 |
||
qemu qemu 0.10.5 |
||
qemu qemu 0.10.4 |
||
qemu qemu 0.10.2 |
||
qemu qemu 0.12.1 |
||
qemu qemu 0.8.0 |
||
qemu qemu 0.1.0 |
||
qemu qemu 0.2.0 |
||
qemu qemu 0.3.0 |
||
qemu qemu 0.4.0 |
Blackhat USA 2011 wraps up and the Defcon conference starts today. There is a little something for everyone in security here. Aside from the contests, networking, meeting folks in the industry and putting faces to names, I thought that the briefings had two fantastic talks. The first of the two focused on breaking out of the official virtualization platform for Ubuntu and Red Hat, Kernel Based Virtual Machine, or KVM. The second focused on the massive challenges that exist in the current SSL inf...