Package : qemu Vulnerability : implementation error Problem type : local Debian-specific: no CVE ID : CVE-2011-1751 Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service of the execution of arbitrary code. We recommend that you upgrade your qemu-kvm packages.
CVE-2011-2512 Nelson Elhage discoverd that QEMU did not properly validate certain virtqueue requests from the guest. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Upstream patch: http://patchwork.ozlabs.org/patch/94604/
CC: (none) => boklm
Oops, wrong text for CVE-2011-2512. Correct one : Stefan Hajnoczi discovered that QEMU did not properly perform integer comparisons when performing virtqueue input validation. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program.
And CVE-2011-2212 : Nelson Elhage discoverd that QEMU did not properly validate certain virtqueue requests from the guest. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program.
Created attachment 639 [details] Patch for CVE-2011-2212 Patch extracted from redhat qemu-kvm-0.12.1.2-2.160.el6_1.2.src.rpm
bolkm or saispo, can you work on this security issue ?
CC: (none) => cjw, fundawang, mageia, misc, thierry.vignaud
Filed twice. *** This bug has been marked as a duplicate of bug 2063 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE
CC: boklm => (none)