CVE - CVE-2011-1751

CVE-ID
CVE-2011-1751	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices URL:http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html MLIST:[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal URL:http://www.openwall.com/lists/oss-security/2011/05/19/2 MISC:http://blog.nelhage.com/2011/08/breaking-out-of-kvm/ MISC:https://bugzilla.redhat.com/show_bug.cgi?id=699773 MISC:https://github.com/nelhage/virtunoid CONFIRM:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=505597e4476a6bc219d0ec1362b760d71cb4fdca REDHAT:RHSA-2011:0534 URL:http://rhn.redhat.com/errata/RHSA-2011-0534.html SUSE:SUSE-SU-2011:0533 URL:https://hermes.opensuse.org/messages/8572547 SUSE:openSUSE-SU-2011:0510 URL:http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html UBUNTU:USN-1145-1 URL:https://www.ubuntu.com/usn/USN-1145-1/ BID:47927 URL:http://www.securityfocus.com/bid/47927 OSVDB:73395 URL:http://www.osvdb.org/73395 SECUNIA:44393 URL:http://secunia.com/advisories/44393 SECUNIA:44458 URL:http://secunia.com/advisories/44458 SECUNIA:44648 URL:http://secunia.com/advisories/44648 SECUNIA:44658 URL:http://secunia.com/advisories/44658 SECUNIA:44660 URL:http://secunia.com/advisories/44660 SECUNIA:44900 URL:http://secunia.com/advisories/44900
Assigning CNA
N/A
Date Entry Created
20110419	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110419)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org