CVE-2011-1750 : Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest use

Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

Published 2012-06-21 15:55:09

Updated 2023-02-13 04:30:48

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-1750

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-1750

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.4	HIGH	AV:A/AC:M/Au:S/C:C/I:C/A:C	4.4	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1750

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1750

https://www.debian.org/security/2011/dsa-2230

Debian -- Security Information -- DSA-2230-1 qemu-kvm
https://exchange.xforce.ibmcloud.com/vulnerabilities/67062

QEMU KVM virtio-blk driver privilege escalation CVE-2011-1750 Vulnerability Report
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html

[SECURITY] Fedora 15 Update: qemu-0.14.0-9.fc15

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html

openSUSE-SU-2011:0510-1: moderate: kvm security update

CVEs referencing this url
https://hermes.opensuse.org/messages/8572547

openSUSE.org - 503

CVEs referencing this url
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html

Re: [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multipl
http://rhn.redhat.com/errata/RHSA-2011-0534.html

RHSA-2011:0534 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://www.ubuntu.com/usn/USN-1145-1/

USN-1145-1: QEMU vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html

[Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multiple

Products affected by CVE-2011-1750

Qemu » Qemu » Version: 0.14.0
cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-1750

Exploit prediction scoring system (EPSS) score for CVE-2011-1750

CVSS scores for CVE-2011-1750

CWE ids for CVE-2011-1750

References for CVE-2011-1750

Products affected by CVE-2011-1750