[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request -- qemu-kvm: virtio-blk: heap buffer
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-04-25 20:01:05
Message-ID: 1576686929.150732.1303761665047.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
> "It was found that virtio-blk driver in qemu-kvm did not properly
> validate read and write requests from the guest. A privileged guest user
> could use this flaw to cause heap corruption, causing the guest to crash
> (denial of service) or, possibly, resulting in the privileged guest user
> escalating their privileges on the host."
>
> References:
> http://www.spinics.net/lists/kvm/msg51877.html
> https://bugzilla.redhat.com/show_bug.cgi?id=698906
>
> Upstream commit:
> http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d
>
Please use CVE-2011-1750.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic