Control: tag -1 + pending
23.09.2016 19:18, Salvatore Bonaccorso wrote:
Tags: security upstream patch
the following vulnerability was published for qemu.
usb: xhci memory leakage during device unplug
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
The affected code has been introduced in 2.2.0-rc. Before
that, xhci devices weren't hot-un-pluggable, so the bug
No previous debian releases are affected.
More, device unplug can only be triggered from the outside of
the guest, i.e., by the administrator running the virtual machine.