Control: tag -1 + pending

23.09.2016 19:18, Salvatore Bonaccorso wrote:
Source: qemu
Version: 1:2.6+dfsg-3.1
Severity: important
Tags: security upstream patch


the following vulnerability was published for qemu.

usb: xhci memory leakage during device unplug

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.

The affected code has been introduced in 2.2.0-rc. Before
that, xhci devices weren't hot-un-pluggable, so the bug
didn't exist.

No previous debian releases are affected.

More, device unplug can only be triggered from the outside of
the guest, i.e., by the administrator running the virtual machine.



Reply via email to