Computer Security
[EN] securityvulns.ru no-pyccku


QEMU / Xen multiple security vulnerabilities
Published:01.02.2014
Source:
SecurityVulns ID:13545
Type:remote
Threat Level:
5/10
Description:DoS, privilege escalation.
Affected:QEMU : qemu 1.6
 XEN : XEN 4.3
CVE:CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.)
 CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.)
 CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.)
Original documentdocumentUBUNTU, [USN-2092-1] QEMU vulnerabilities (01.02.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod