qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol

2015-08-0300:00:00

vuxml.freebsd.org

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%

JSON

The Xen Project reports:

When unplugging an emulated block device the device was not fully
unplugged, meaning a second unplug attempt would attempt to unplug
the device a second time using a previously freed pointer.
An HVM guest which has access to an emulated IDE disk device may be
able to exploit this vulnerability in order to take over the qemu
process elevating its privilege to that of the qemu process.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqemu<= 0.11.1_20UNKNOWN
FreeBSDanynoarchqemu-devel<= 0.11.1_20UNKNOWN
FreeBSDanynoarchqemu-sbruno< 2.4.50.g20150814UNKNOWN
FreeBSDanynoarchqemu-user-static< 2.4.50.g20150814UNKNOWN
FreeBSDanynoarchxen-tools< 4.5.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	qemu	<= 0.11.1_20	UNKNOWN
FreeBSD	any	noarch	qemu-devel	<= 0.11.1_20	UNKNOWN
FreeBSD	any	noarch	qemu-sbruno	< 2.4.50.g20150814	UNKNOWN
FreeBSD	any	noarch	qemu-user-static	< 2.4.50.g20150814	UNKNOWN
FreeBSD	any	noarch	xen-tools	< 4.5.1	UNKNOWN