CVE-2011-2512

Priority
Medium
Description
The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly
validate the virtqueue number, which allows guest users to cause a denial
of service (guest crash) and possibly execute arbitrary code via a negative
number in the Queue Notify field of the Virtio Header, which bypasses a
signed comparison.
References
Bugs
Assigned-to
jdstrand
Package
Upstream:released (0.14.1+dfsg-2)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (0.12.3+noroms-0ubuntu9.12)
Ubuntu 11.04 (Natty Narwhal):released (0.14.0+noroms-0ubuntu4.3)
Ubuntu 11.10 (Oneiric Ocelot):released (0.14.0+noroms-0ubuntu8)
Patches:
Patch:http://patchwork.ozlabs.org/patch/94604/
Vendor:https://rhn.redhat.com/errata/RHSA-2011-0919.html
Vendor:http://www.debian.org/security/2011/dsa-2270
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-27 20:14:41 UTC (commit 5449)