Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.4
CVE Id CVE-2011-1751
Last Modified 13 Feb 2013 11:40:56
Published 21 Jun 2012 11:55:09
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1751

Summary

The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

Vulnerable Systems

Application

  • Qemu 0.1
  • Qemu 0.1.1
  • Qemu 0.1.2
  • Qemu 0.1.3
  • Qemu 0.1.4
  • Qemu 0.1.5
  • Qemu 0.1.6
  • Qemu 0.10.0
  • Qemu 0.10.1
  • Qemu 0.10.2
  • Qemu 0.10.3
  • Qemu 0.10.4
  • Qemu 0.10.5
  • Qemu 0.10.6
  • Qemu 0.11.0
  • Qemu 0.11.0-rc0
  • Qemu 0.11.0-rc1
  • Qemu 0.11.0-rc2
  • Qemu 0.11.1
  • Qemu 0.12.0
  • Qemu 0.12.1
  • Qemu 0.12.2
  • Qemu 0.12.3
  • Qemu 0.12.4
  • Qemu 0.12.5
  • Qemu 0.13.0
  • Qemu 0.14.0
  • Qemu 0.14.1
  • Qemu 0.15.0
  • Qemu 0.2
  • Qemu 0.3
  • Qemu 0.4
  • Qemu 0.4.1
  • Qemu 0.4.2
  • Qemu 0.4.3
  • Qemu 0.5.0
  • Qemu 0.5.1
  • Qemu 0.5.2
  • Qemu 0.5.3
  • Qemu 0.5.4
  • Qemu 0.5.5
  • Qemu 0.6.0
  • Qemu 0.6.1
  • Qemu 0.7.0
  • Qemu 0.7.1
  • Qemu 0.7.2
  • Qemu 0.8.0
  • Qemu 0.8.1
  • Qemu 0.8.2
  • Qemu 0.9.0
  • Qemu 0.9.1
  • Qemu 0.9.1-5
  • Qemu 1.0
  • Qemu 1.0.1
  • Qemu 1.1

References

UBUNTU - USN-1145-1

SUSE - SUSE-SU-2011:0533

MISC - https://github.com/nelhage/virtunoid

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=699773

OSVDB - 73395

MLIST - [oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal

SECUNIA - 44900

SECUNIA - 44660

SECUNIA - 44658

SECUNIA - 44648

SECUNIA - 44458

SECUNIA - 44393

REDHAT - RHSA-2011:0534

SUSE - openSUSE-SU-2011:0510

MLIST - [Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices

CONFIRM - http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=505597e4476a6bc219d0ec1362b760d71cb4fdca

MISC - http://blog.nelhage.com/2011/08/breaking-out-of-kvm/

BID - 47927


Last Updated: 27 May 2016 10:56:33