CVE 2013-4377
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
Related bugs and status
CVE-2013-4377 (Candidate) is related to these bugs:
Bug #1294823: FFE: create a trusty machine type
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1294823 | FFE: create a trusty machine type | qemu (Ubuntu) | High | Fix Released | ||
1294823 | FFE: create a trusty machine type | libvirt (Ubuntu) | High | Fix Released |
Bug #1295072: qemu 1.7 should build-depend on libfdt-dev higher than 1.4.0
See the
CVE page on Mitre.org
for more details.