FreeBSD : qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol (ee99899d-4347-11e5-93ad-002590263bf5)
High Nessus Plugin ID 85485
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The Xen Project reports:
When unplugging an emulated block device the device was not fully unplugged, meaning a second unplug attempt would attempt to unplug the device a second time using a previously freed pointer.
An HVM guest which has access to an emulated IDE disk device may be able to exploit this vulnerability in order to take over the qemu process elevating its privilege to that of the qemu process.
Solution
Update the affected packages.