Vulnerability Description
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
CVSS Score
2.3
LOW
AV:A/AC:M/Au:S/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | 1.4.0 |
Related Weaknesses (CWE)
References
- http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.htmlPatch
- http://secunia.com/advisories/55015Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/09/26/5
- http://www.ubuntu.com/usn/USN-2092-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1012633
- http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.htmlPatch
- http://secunia.com/advisories/55015Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/09/26/5
- http://www.ubuntu.com/usn/USN-2092-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1012633
FAQ
What is CVE-2013-4377?
CVE-2013-4377 is a vulnerability with a CVSS score of 2.3 (LOW). Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
How severe is CVE-2013-4377?
CVE-2013-4377 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4377?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu.