Launchpad CVE tracker

CVE 2011-1751

The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

Related bugs and status

CVE-2011-1751 (Candidate) is related to these bugs:

Bug #804593: Many "Safely remove" icons on virtualized XPs

Summary				In	Importance	Status
	804593	Many "Safely remove" icons on virtualized XPs		qemu-kvm (Ubuntu)	Medium	Fix Released

Bug #878162: [MIR] qemu-kvm pulls packages from universe

Summary				In	Importance	Status
	878162	[MIR] qemu-kvm pulls packages from universe		qemu-kvm (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.nelhage.co...
MISC: https://bugzilla.redha...
MISC: https://github.com/nel...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.osvdb.org/7...
MISC: http://rhn.redhat.com/...
MISC: https://hermes.opensus...
MISC: https://www.ubuntu.com...
MISC: http://lists.nongnu.or...
MISC: http://www.openwall.co...
MISC: http://git.kernel.org/...
MISC: http://lists.opensuse....

Launchpad.net

CVE 2011-1751

Related bugs and status

Related bugs

References