Launchpad CVE tracker

CVE 2013-4377

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

Related bugs and status

CVE-2013-4377 (Candidate) is related to these bugs:

Bug #1294823: FFE: create a trusty machine type

Summary				In	Importance	Status
	1294823	FFE: create a trusty machine type		qemu (Ubuntu)	High	Fix Released
	1294823	FFE: create a trusty machine type		libvirt (Ubuntu)	High	Fix Released

Bug #1295072: qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0

		In	Importance	Status
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	qemu (Ubuntu)	Low	Fix Released
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	device-tree-compiler (Ubuntu)	High	Fix Released
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	device-tree-compiler (Ubuntu Precise)	High	Fix Released
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	qemu (Ubuntu Precise)	Undecided	Invalid
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	device-tree-compiler (Ubuntu Quantal)	High	Won't Fix
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	qemu (Ubuntu Quantal)	Undecided	Invalid
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	device-tree-compiler (Debian)	Unknown	Fix Released
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	device-tree-compiler (Ubuntu Trusty)	Undecided	New
1295072	qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0	qemu (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4377

References