CVE - CVE-2011-1750

CVE-ID
CVE-2011-1750	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:44132 URL:http://secunia.com/advisories/44132 MISC:44393 URL:http://secunia.com/advisories/44393 MISC:44658 URL:http://secunia.com/advisories/44658 MISC:44660 URL:http://secunia.com/advisories/44660 MISC:44900 URL:http://secunia.com/advisories/44900 MISC:73756 URL:~~http://www.osvdb.org/73756~~ (Obsolete source) MISC:DSA-2230 URL:https://www.debian.org/security/2011/dsa-2230 MISC:FEDORA-2012-8604 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html MISC:RHSA-2011:0534 URL:http://rhn.redhat.com/errata/RHSA-2011-0534.html MISC:SUSE-SU-2011:0533 URL:https://hermes.opensuse.org/messages/8572547 MISC:USN-1145-1 URL:https://www.ubuntu.com/usn/USN-1145-1/ MISC:[Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple URL:http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html MISC:[Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple URL:http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html MISC:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d URL:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d MISC:kvm-virtioblk-priv-escalation(67062) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/67062 MISC:openSUSE-SU-2011:0510 URL:http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20110419	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110419)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.