Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1751

The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

Published

2012-06-21T15:55:09.613

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.4 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

4.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application qemu qemu 0.1.0 Yes
Application qemu qemu 0.1.1 Yes
Application qemu qemu 0.1.2 Yes
Application qemu qemu 0.1.3 Yes
Application qemu qemu 0.1.4 Yes
Application qemu qemu 0.1.5 Yes
Application qemu qemu 0.1.6 Yes
Application qemu qemu 0.2.0 Yes
Application qemu qemu 0.3.0 Yes
Application qemu qemu 0.4.0 Yes
Application qemu qemu 0.4.1 Yes
Application qemu qemu 0.4.2 Yes
Application qemu qemu 0.4.3 Yes
Application qemu qemu 0.5.0 Yes
Application qemu qemu 0.5.1 Yes
Application qemu qemu 0.5.2 Yes
Application qemu qemu 0.5.3 Yes
Application qemu qemu 0.5.4 Yes
Application qemu qemu 0.5.5 Yes
Application qemu qemu 0.6.0 Yes
Application qemu qemu 0.6.1 Yes
Application qemu qemu 0.7.0 Yes
Application qemu qemu 0.7.1 Yes
Application qemu qemu 0.7.2 Yes
Application qemu qemu 0.8.0 Yes
Application qemu qemu 0.8.1 Yes
Application qemu qemu 0.8.2 Yes
Application qemu qemu 0.9.0 Yes
Application qemu qemu 0.9.1 Yes
Application qemu qemu 0.9.1-5 Yes
Application qemu qemu 0.10.0 Yes
Application qemu qemu 0.10.1 Yes
Application qemu qemu 0.10.2 Yes
Application qemu qemu 0.10.3 Yes
Application qemu qemu 0.10.4 Yes
Application qemu qemu 0.10.5 Yes
Application qemu qemu 0.10.6 Yes
Application qemu qemu 0.11.0 Yes
Application qemu qemu 0.11.0 Yes
Application qemu qemu 0.11.0 Yes
Application qemu qemu 0.11.0 Yes
Application qemu qemu 0.11.0-rc0 Yes
Application qemu qemu 0.11.0-rc1 Yes
Application qemu qemu 0.11.0-rc2 Yes
Application qemu qemu 0.11.1 Yes
Application qemu qemu 0.12.0 Yes
Application qemu qemu 0.12.0 Yes
Application qemu qemu 0.12.0 Yes
Application qemu qemu 0.12.1 Yes
Application qemu qemu 0.12.2 Yes
Application qemu qemu 0.12.3 Yes
Application qemu qemu 0.12.4 Yes
Application qemu qemu 0.12.5 Yes
Application qemu qemu 0.13.0 Yes
Application qemu qemu 0.13.0 Yes
Application qemu qemu 0.13.0 Yes
Application qemu qemu 0.14.0 Yes
Application qemu qemu 0.14.0 Yes
Application qemu qemu 0.14.0 Yes
Application qemu qemu 0.14.0 Yes
Application qemu qemu 0.14.1 Yes
Application qemu qemu 0.15.0 Yes
Application qemu qemu 0.15.0 Yes
Application qemu qemu 1.0 Yes
Application qemu qemu 1.0 Yes
Application qemu qemu 1.0 Yes
Application qemu qemu 1.0 Yes
Application qemu qemu 1.0 Yes
Application qemu qemu 1.0.1 Yes
Application qemu qemu 1.1 Yes
Application qemu qemu 1.1 Yes
Application qemu qemu 1.1 Yes
Application qemu qemu 1.1 Yes
Application qemu qemu 1.1 Yes
References