Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-4377

Published: 11 October 2013

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

Notes

AuthorNote
seth-arnold
Vulnerability introduced in 1.4.0
mdeslaur
as of 2013-12-09, not yet in upstream repo
v3 of patch proposed 2013-10-15:
http://article.gmane.org/gmane.comp.emulators.qemu/238070
v4 of patch proposed 2013-11-29:
http://article.gmane.org/gmane.comp.emulators.qemu/244052

Priority

Medium

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

raring Ignored
(end of life)
saucy
Released (1.5.0+dfsg-3ubuntu5.3)
upstream Needed

Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=92304bf3998cedcf3b1026a795edba7e1fd17c74 (saucy bp)
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0b81c1ef5c677c2a07be5f8bf0dfe2c62ef52115
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=06d3dff0723c712a4b109ced4243edf49ef850af
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=f24a684073bcdaf4e9d3c592345744ba3356d9e3
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a3fc66d9fd37acbfcee013692246a8ae42bd93bb
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=5e96f5d2f8d2696ef7d2d8d7282c18fa6023470b
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=40dfc16f5fe0afb66f9436718781264dfadb6c61
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0e86c13fe2058adb8c792ebb7c51a6a7ca9d3d55
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3786cff5eb384d058395a2729af627fa3253d056
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e3c9d76acc984218264bbc6435b0c09f959ed9b8
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=baa61b9870dd7e0bb07e0ae61c6ec805db13f699
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7bb6edb0e3dd78d74e0ac980cf6c0a07307f61bf
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=06a1307379fcd6c551185ad87679cd7ed896b9ea
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3ffeeef735fdb52ffee2eed4fb398f3a1199728f
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0f3657ec3664b340ae20b461a7e15dbdac129179
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=179b417e17ada41dce4e8112bea0a78a70b6162c
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=b1a20c3fcab96832c3813e9e7162748f325e0c82
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=284a32f0b33dce4e77e896168387b8dca90c4bea
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a546fb174162b0186fe6c275476cb45e5cafa68c
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=af7671fdc530dd597b1ddb4561f5ffc0d534c44c
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7598f0f30e027146ba70517a2bda98d16bac1e24
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=1d244b42d200c02ad60eb564c75d8adea9243366
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=59be75227d3985c9f0a9f5396fc64e357a54defb
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=75884afd5c6c42e523b08565e289dbe319e17ad9
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=863462440d646098d2b83fb0ffa5f165e7f90511
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e6f746b380ad04246e5cce621f174355f39addcd
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=74def47c8c1453a48f9bd61633050cc681e67fba
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a8d57dfb28bd8fd8ebddf08d0cfafdcb61a764fb
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=71a6520b83414b4ebe3ecfdee3dc3a70db98c91f
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=0ba94b6f94a5b0bed9f125ce4c3348adc83db5de
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=306ec6c3cece7004429c79c1ac93d49919f1f1cc
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=83d0704734955bf1aa7697af7be2a50e11a80a42 (regression)
qemu-kvm
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Does not exist

saucy Does not exist

upstream Not vulnerable