CVE Vulnerabilities

CVE-2013-4377

Published: Oct 11, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.3 LOW
AV:A/AC:M/Au:S/C:N/I:N/A:P
RedHat/V2
2.3 MODERATE
AV:A/AC:M/Au:S/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by hot-unplugging a virtio device.

Affected Software

Name Vendor Start Version End Version
Qemu Qemu 1.4.0 (including) 1.4.0 (including)
Qemu Qemu 1.4.1 (including) 1.4.1 (including)
Qemu Qemu 1.4.2 (including) 1.4.2 (including)
Qemu Qemu 1.5.0 (including) 1.5.0 (including)
Qemu Qemu 1.5.0-rc1 (including) 1.5.0-rc1 (including)
Qemu Qemu 1.5.0-rc2 (including) 1.5.0-rc2 (including)
Qemu Qemu 1.5.0-rc3 (including) 1.5.0-rc3 (including)
Qemu Qemu 1.5.1 (including) 1.5.1 (including)
Qemu Qemu 1.5.2 (including) 1.5.2 (including)
Qemu Qemu 1.5.3 (including) 1.5.3 (including)
Qemu Qemu 1.6.0 (including) 1.6.0 (including)
Qemu Qemu 1.6.0-rc1 (including) 1.6.0-rc1 (including)
Qemu Qemu 1.6.0-rc2 (including) 1.6.0-rc2 (including)
Qemu Qemu 1.6.0-rc3 (including) 1.6.0-rc3 (including)
Qemu Ubuntu devel *
Qemu Ubuntu raring *
Qemu Ubuntu saucy *
Qemu Ubuntu upstream *

References