CVE-2011-2512

Priority
Description
The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly
validate the virtqueue number, which allows guest users to cause a denial
of service (guest crash) and possibly execute arbitrary code via a negative
number in the Queue Notify field of the Virtio Header, which bypasses a
signed comparison.
Assigned-to
jdstrand
Notes
Package
Upstream:released (0.14.1+dfsg-2)
Patches:
Other:http://patchwork.ozlabs.org/patch/94604/
Vendor:https://rhn.redhat.com/errata/RHSA-2011-0919.html
Vendor:http://www.debian.org/security/2011/dsa-2270
This vulnerability is mitigated in part by an AppArmor profile. For more details see https://wiki.ubuntu.com/Security/Features#apparmor
More Information

Updated: 2020-09-10 01:44:23 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)