CVE-2011-1750

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1750
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

7.4 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 4.4 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
http://rhn.redhat.com/errata/RHSA-2011-0534.html
http://secunia.com/advisories/44132 Vendor Advisory
http://secunia.com/advisories/44393 Vendor Advisory
http://secunia.com/advisories/44658 Vendor Advisory
http://secunia.com/advisories/44660 Vendor Advisory
http://secunia.com/advisories/44900 Vendor Advisory
http://www.osvdb.org/73756
https://exchange.xforce.ibmcloud.com/vulnerabilities/67062
https://hermes.opensuse.org/messages/8572547
https://www.debian.org/security/2011/dsa-2230
https://www.ubuntu.com/usn/USN-1145-1/
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*
History

13 Feb 2023, 04:30

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2011-1750', 'name': 'https://access.redhat.com/security/cve/CVE-2011-1750', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=698906', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=698906', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2011:0534', 'name': 'https://access.redhat.com/errata/RHSA-2011:0534', 'tags': [], 'refsource': 'MISC'}
Summary CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

02 Feb 2023, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d', 'name': 'http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d', 'tags': [], 'refsource': 'CONFIRM'}
  • (MISC) https://access.redhat.com/security/cve/CVE-2011-1750 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=698906 -
  • (MISC) http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d -
  • (MISC) https://access.redhat.com/errata/RHSA-2011:0534 -
Summary Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests
Information

Published : 2012-06-21 15:55

Updated : 2023-12-10 11:16

NVD link : CVE-2011-1750

Mitre link : CVE-2011-1750

CVE.ORG link : CVE-2011-1750

JSON object : View

Products Affected

qemu

  • qemu
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer