2.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.2%
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0
through 1.6.0 allows local users to cause a denial of service (daemon
crash) by “hot-unplugging” a virtio device.
Author | Note |
---|---|
seth-arnold | Vulnerability introduced in 1.4.0 |
mdeslaur | as of 2013-12-09, not yet in upstream repo v3 of patch proposed 2013-10-15: http://article.gmane.org/gmane.comp.emulators.qemu/238070 v4 of patch proposed 2013-11-29: http://article.gmane.org/gmane.comp.emulators.qemu/244052 |