Bug 1423

Summary: qemu-kvm security update
Product: Mageia Reporter: Jérôme Soyer <saispo>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal CC: cjw, fundawang, mageia, misc, thierry.vignaud
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: qemu-0.14.0-5.mga1.src.rpm CVE:
Status comment:
Attachments: Patch for CVE-2011-2212

Description Jérôme Soyer 2011-05-25 19:19:08 CEST 
Package        : qemu
Vulnerability  : implementation error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1751

Nelson Elhage discovered that incorrect memory handling during the
removal of ISA devices in KVM, a solution for full virtualization on
x86 hardware, could lead to denial of service of the execution of
arbitrary code.

We recommend that you upgrade your qemu-kvm packages.
Comment 1 Nicolas Vigier 2011-07-07 19:57:10 CEST 
CVE-2011-2512

Nelson Elhage discoverd that QEMU did not properly validate certain
virtqueue requests from the guest. An attacker could exploit this to cause
a denial of service of the guest or possibly execute code with the
privileges of the user invoking the program.

Upstream patch:
http://patchwork.ozlabs.org/patch/94604/

CC: (none) => boklm

Comment 2 Nicolas Vigier 2011-07-07 20:02:03 CEST 
Oops, wrong text for CVE-2011-2512. Correct one :
Stefan Hajnoczi discovered that QEMU did not properly perform integer
comparisons when performing virtqueue input validation. An attacker could
exploit this to cause a denial of service of the guest or possibly execute
code with the privileges of the user invoking the program.
Comment 3 Nicolas Vigier 2011-07-07 20:21:11 CEST 
And CVE-2011-2212 :
Nelson Elhage discoverd that QEMU did not properly validate certain
virtqueue requests from the guest. An attacker could exploit this to cause
a denial of service of the guest or possibly execute code with the
privileges of the user invoking the program.
Comment 4 Nicolas Vigier 2011-07-07 20:23:37 CEST 
Created attachment 639 [details]
Patch for CVE-2011-2212

Patch extracted from redhat qemu-kvm-0.12.1.2-2.160.el6_1.2.src.rpm
Comment 5 Manuel Hiebel 2011-08-30 09:33:19 CEST 
bolkm or saispo, can you work on this security issue ?
Manuel Hiebel 2011-08-30 09:48:53 CEST

CC: (none) => cjw, fundawang, mageia, misc, thierry.vignaud

Comment 6 Michael Scherer 2011-08-31 21:50:46 CEST 
Filed twice.

*** This bug has been marked as a duplicate of bug 2063 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Nicolas Vigier 2014-05-08 18:07:14 CEST

CC: boklm => (none)