CVE-2013-4377 - Vulnerability Details - OpenCVE

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu:1.4.0:::::::*
	cpe:2.3:a:qemu:qemu:1.4.1:::::::*
	cpe:2.3:a:qemu:qemu:1.4.2:::::::*
	cpe:2.3:a:qemu:qemu:1.5.0:::::::*
	cpe:2.3:a:qemu:qemu:1.5.0:rc1::::::
	cpe:2.3:a:qemu:qemu:1.5.0:rc2::::::
	cpe:2.3:a:qemu:qemu:1.5.0:rc3::::::
	cpe:2.3:a:qemu:qemu:1.5.1:::::::*
	cpe:2.3:a:qemu:qemu:1.5.2:::::::*
	cpe:2.3:a:qemu:qemu:1.5.3:::::::*
	cpe:2.3:a:qemu:qemu:1.6.0:::::::*
	cpe:2.3:a:qemu:qemu:1.6.0:rc1::::::
	cpe:2.3:a:qemu:qemu:1.6.0:rc2::::::
	cpe:2.3:a:qemu:qemu:1.6.0:rc3::::::

No data.

References

Link	Providers
http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html
http://secunia.com/advisories/55015
http://www.openwall.com/lists/oss-security/2013/09/26/5
http://www.ubuntu.com/usn/USN-2092-1
https://bugzilla.redhat.com/show_bug.cgi?id=1012633
https://nvd.nist.gov/vuln/detail/CVE-2013-4377
https://www.cve.org/CVERecord?id=CVE-2013-4377

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-11T22:00:00

Updated: 2024-08-06T16:38:02.154Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4377

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-10-11T22:55:40.220

Modified: 2024-11-21T01:55:27.230

Link: CVE-2013-4377

Redhat

Severity : Moderate

Publid Date: 2013-07-11T00:00:00Z

Links: CVE-2013-4377 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by \"hot-unplugging\" a virtio device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-03T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"}, {"name": "55015", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55015"}, {"name": "USN-2092-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2092-1"}, {"name": "[oss-security] 20130926 Re: CVE request: qemu host crash from within guest", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:02.154Z"}, "title": "CVE Program Container", "references": [{"name": "[Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"}, {"name": "55015", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55015"}, {"name": "USN-2092-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2092-1"}, {"name": "[oss-security] 20130926 Re: CVE request: qemu host crash from within guest", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4377", "datePublished": "2013-10-11T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:02.154Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EF7AE0E-3DD2-4724-B1BB-FCCAEA8F5E14", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by \"hot-unplugging\" a virtio device."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la implementaci\u00f3n virtio-pci de Qemu 1.4.0 hasta 1.6.0 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una desconexi\u00f3n en caliente de un dispositivo virtio."}], "id": "CVE-2013-4377", "lastModified": "2024-11-21T01:55:27.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-11T22:55:40.220", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55015"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2092-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2092-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}