QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1751

Published: Jun 21, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2011:0533

vendor-advisory

x_refsource_SUSE

[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://github.com/nelhage/virtunoid

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=699773

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://blog.nelhage.com/2011/08/breaking-out-of-kvm/

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2011:0510

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.