Vulnerability Details : CVE-2011-1750
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-1750
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 %
CVSS scores for CVE-2011-1750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.4 | HIGH | AV:A/AC:M/Au:S/C:C/I:C/A:C | 4.4 | 10.0 | NIST |
CWE ids for CVE-2011-1750
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1750
- https://www.debian.org/security/2011/dsa-2230
  Debian -- Security Information -- DSA-2230-1 qemu-kvm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67062
  QEMU KVM virtio-blk driver privilege escalation CVE-2011-1750 Vulnerability Report
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
  [SECURITY] Fedora 15 Update: qemu-0.14.0-9.fc15
- http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
  openSUSE-SU-2011:0510-1: moderate: kvm security update
- https://hermes.opensuse.org/messages/8572547
- http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
- http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html
  Re: [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multipl
- http://rhn.redhat.com/errata/RHSA-2011-0534.html
  RHSA-2011:0534 - Security Advisory - Red Hat Customer Portal
- https://www.ubuntu.com/usn/USN-1145-1/
  USN-1145-1: QEMU vulnerabilities | Ubuntu security notices
- http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html
  [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multiple
Products affected by CVE-2011-1750
- cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*