Main Vulnerability Database SB2018011218

SB2018011218 - Use-after-free in QEMU

Published: January 12, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018011218

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2014-3471)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing hotplug and hotunplug operations of Virtio block devices. A local guest OS users can cause a denial of service (QEMU instance crash).

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://security.gentoo.org/glsa/glsa-201412-01.xml
http://www.openwall.com/lists/oss-security/2014/06/23/4
http://www.securityfocus.com/bid/68145
https://bugzilla.redhat.com/show_bug.cgi?id=1112271
https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html