'Re: [oss-security] CVE request -- qemu-kvm: virtio-blk: heap buffer'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request -- qemu-kvm: virtio-blk: heap buffer
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-04-25 20:01:05
Message-ID: 1576686929.150732.1303761665047.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- Original Message -----
> "It was found that virtio-blk driver in qemu-kvm did not properly
> validate read and write requests from the guest. A privileged guest user
> could use this flaw to cause heap corruption, causing the guest to crash
> (denial of service) or, possibly, resulting in the privileged guest user
> escalating their privileges on the host."
> 
> References:
> http://www.spinics.net/lists/kvm/msg51877.html
> https://bugzilla.redhat.com/show_bug.cgi?id=698906
> 
> Upstream commit:
> http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d
> 

Please use CVE-2011-1750.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic