CVE - CVE-2011-1751

CVE-ID
CVE-2011-1751	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:44393 URL:http://secunia.com/advisories/44393 MISC:44458 URL:http://secunia.com/advisories/44458 MISC:44648 URL:http://secunia.com/advisories/44648 MISC:44658 URL:http://secunia.com/advisories/44658 MISC:44660 URL:http://secunia.com/advisories/44660 MISC:44900 URL:http://secunia.com/advisories/44900 MISC:47927 URL:http://www.securityfocus.com/bid/47927 MISC:73395 URL:~~http://www.osvdb.org/73395~~ (Obsolete source) MISC:RHSA-2011:0534 URL:http://rhn.redhat.com/errata/RHSA-2011-0534.html MISC:SUSE-SU-2011:0533 URL:https://hermes.opensuse.org/messages/8572547 MISC:USN-1145-1 URL:https://www.ubuntu.com/usn/USN-1145-1/ MISC:[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices URL:http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html MISC:[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal URL:http://www.openwall.com/lists/oss-security/2011/05/19/2 MISC:http://blog.nelhage.com/2011/08/breaking-out-of-kvm/ URL:http://blog.nelhage.com/2011/08/breaking-out-of-kvm/ MISC:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca URL:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca MISC:https://bugzilla.redhat.com/show_bug.cgi?id=699773 URL:https://bugzilla.redhat.com/show_bug.cgi?id=699773 MISC:https://github.com/nelhage/virtunoid URL:https://github.com/nelhage/virtunoid MISC:openSUSE-SU-2011:0510 URL:http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20110419	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110419)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.