CVE-2014-3471

Published: Jan 12, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.

Affected (2)

Products: Qemu: Qemu

Qemu

1 product

Qemu

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.1.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Version 2.1.2 r1

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

http://security.gentoo.org/glsa/glsa-201412-01.xml

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/06/23/4

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/68145

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1112271

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://security.gentoo.org/glsa/glsa-201412-01.xml