Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1750

Overview

Vulnerability Score 7.4 7.4
CVE Id CVE-2011-1750
Last Modified 26 Jun 2012 12:00:00
Published 21 Jun 2012 11:55:08
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1750

Summary

Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

Vulnerable Systems

Application

  • Qemu 0.14.0


References

UBUNTU - USN-1145-1

SUSE - SUSE-SU-2011:0533

XF - kvm-virtioblk-priv-escalation(67062)

OSVDB - 73756

SECUNIA - 44900

SECUNIA - 44660

SECUNIA - 44658

SECUNIA - 44393

SECUNIA - 44132

REDHAT - RHSA-2011:0534

SUSE - openSUSE-SU-2011:0510

MLIST - [Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple

MLIST - [Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple

FEDORA - FEDORA-2012-8604

DEBIAN - DSA-2230

CONFIRM - http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d


Last Updated: 27 May 2016 10:56:33