Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2512

The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.

Related bugs and status

CVE-2011-2512 (Candidate) is related to these bugs:

Bug #806166: CVE-2011-2512

Summary				In	Importance	Status
	806166	CVE-2011-2512		qemu-kvm (Ubuntu)	Medium	Fix Released
	806166	CVE-2011-2512		qemu-kvm (Ubuntu Oneiric)	Medium	Fix Released

Bug #806167: CVE-2011-2212

Summary				In	Importance	Status
	806167	CVE-2011-2212		qemu-kvm (Ubuntu)	Medium	Fix Released
	806167	CVE-2011-2212		qemu-kvm (Ubuntu Oneiric)	Medium	Fix Released

Bug #878162: [MIR] qemu-kvm pulls packages from universe

Summary				In	Importance	Status
	878162	[MIR] qemu-kvm pulls packages from universe		qemu-kvm (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.osvdb.org/7...
MISC: https://www.debian.org...
MISC: http://rhn.redhat.com/...
MISC: https://hermes.opensus...
MISC: http://ubuntu.com/usn/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://git.kernel.org/...
MISC: http://lists.opensuse....