Vulnerabilities > CVE-2016-9923 - Use After Free vulnerability in Qemu
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-201701-49.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-201701-49 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : A privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host. Workaround : There is no known workaround at this time. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 96684 |
| published | 2017-01-23 |
| reporter | This script is Copyright (C) 2017 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/96684 |
| title | GLSA-201701-49 : QEMU: Multiple vulnerabilities |