Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
CVSS Score
2.3
EPSS Score
0.005
Published
2013-10-11
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
CVSS Score
7.2
EPSS Score
0.004
Published
2013-10-04
Page 32