Use after free in QEMU/Xen block unplug protocol

ISSUE DESCRIPTION When unplugging an emulated block device the device was not fully unplugged, meaning a second unplug attempt would attempt to unplug the device a second time using a previously freed pointer. IMPACT An HVM guest which has access to an emulated IDE disk device may be able to...

qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol

The Xen Project reports: When unplugging an emulated block device the device was not fully unplugged, meaning a second unplug attempt would attempt to unplug the device a second time using a previously freed pointer. An HVM guest which has access to an emulated IDE disk device may be able to...

Xen Patches VM Escape Flaw

The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem...

QEMU heap overflow flaw while processing certain ATAPI commands.

ISSUE DESCRIPTION The QEMU security team has predisclosed the following advisory: A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use thi...