Computer Security
[EN] securityvulns.ru no-pyccku


kvm code execution
updated since 06.07.2011
Published:26.07.2011
Source:
SecurityVulns ID:11764
Type:local
Threat Level:
5/10
Description:virtio commands processing code execution.
Affected:LINUX : kvm 0.14
CVE:CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.)
 CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.)
 CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests.")
Original documentdocumentDEBIAN, [SECURITY] [DSA 2282-1] qemu-kvm security update (26.07.2011)
 documentDEBIAN, [SECURITY] [DSA 2270-1] qemu-kvm security update (06.07.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod