Double Unplugging Exploit: Privilege Escalation via Use-After-Free Vulnerability in QEMU

Double Unplugging Exploit: Privilege Escalation via Use-After-Free Vulnerability in QEMU

CVE-2015-5166 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

Learn more about our User Device Pen Test.