oss-sec mailing list archives

Re: CVE request -- qemu-kvm: virtio-blk: heap buffer overflow caused by unaligned requests


From: Josh Bressers <bressers () redhat com>
Date: Mon, 25 Apr 2011 16:01:05 -0400 (EDT)

----- Original Message -----
"It was found that virtio-blk driver in qemu-kvm did not properly
validate read and write requests from the guest. A privileged guest user
could use this flaw to cause heap corruption, causing the guest to crash
(denial of service) or, possibly, resulting in the privileged guest user
escalating their privileges on the host."

References:
http://www.spinics.net/lists/kvm/msg51877.html
https://bugzilla.redhat.com/show_bug.cgi?id=698906

Upstream commit:
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d


Please use CVE-2011-1750.

Thanks.

-- 
    JB

