CVE-2013-4377

Qemu 1.4.0-1.6.0 - Use-After-Free via Virtio-PCI Device Hot-Unplug

Description

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

References (5)

Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1012633
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55015
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2092-1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/09/26/5

Scores

EPSS 0.0010
EPSS Percentile 27.2%

Details

CWE CWE-399
Status published
Products (8)
qemu/qemu 1.4.0
qemu/qemu 1.4.1
qemu/qemu 1.4.2
qemu/qemu 1.5.0 (4 CPE variants)
qemu/qemu 1.5.1
qemu/qemu 1.5.2
qemu/qemu 1.5.3
qemu/qemu 1.6.0 (4 CPE variants)
Published Oct 11, 2013
Tracked Since Feb 18, 2026