Multiple vulnerabilities in QEMU
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU43970
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2212
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to execute arbitrary code.
Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."
MitigationInstall update from vendor's website.
Vulnerable software versionsQEMU: 0.1 - 0.14.0
CPE2.3- cpe:2.3:a:qemu:qemu:0.1:*:*:*:*:*:*:
- cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:
- cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html
http://rhn.redhat.com/errata/RHSA-2011-0919.html
http://secunia.com/advisories/45158
http://secunia.com/advisories/45170
http://secunia.com/advisories/45187
http://secunia.com/advisories/45188
http://secunia.com/advisories/45301
http://secunia.com/advisories/45354
http://ubuntu.com/usn/usn-1165-1
http://www.osvdb.org/74751
http://bugzilla.redhat.com/show_bug.cgi?id=713589
http://hermes.opensuse.org/messages/9605323
http://www.debian.org/security/2011/dsa-2282
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU43972
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1750
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to execute arbitrary code.
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
MitigationInstall update from vendor's website.
Vulnerable software versionsQEMU: 0.14.0
CPE2.3 External linkshttp://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
http://rhn.redhat.com/errata/RHSA-2011-0534.html
http://secunia.com/advisories/44132
http://secunia.com/advisories/44393
http://secunia.com/advisories/44658
http://secunia.com/advisories/44660
http://secunia.com/advisories/44900
http://www.osvdb.org/73756
http://exchange.xforce.ibmcloud.com/vulnerabilities/67062
http://hermes.opensuse.org/messages/8572547
http://www.debian.org/security/2011/dsa-2230
http://www.ubuntu.com/usn/USN-1145-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
