
CVE-2011-1751
Date: (C)2012-06-21   (M)2023-12-22


The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.4
Exploit Score: 4.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-44393
SECUNIA-44458
SECUNIA-44648
SECUNIA-44658
SECUNIA-44660
SECUNIA-44900
BID-47927
OSVDB-73395
RHSA-2011:0534
SUSE-SU-2011:0533
USN-1145-1
http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html
http://www.openwall.com/lists/oss-security/2011/05/19/2
http://blog.nelhage.com/2011/08/breaking-out-of-kvm/
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca
https://bugzilla.redhat.com/show_bug.cgi?id=699773
https://github.com/nelhage/virtunoid
openSUSE-SU-2011:0510

CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:500165
oval:org.secpod.oval:def:1504153
oval:org.secpod.oval:def:700527
oval:org.secpod.oval:def:600530
...

© SecPod Technologies