CVE-2011-1750

Publication date 29 May 2011

Last updated 24 July 2024

Ubuntu priority

Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu-kvm	11.04 natty	Fixed 0.14.0+noroms-0ubuntu4.1
	10.10 maverick	Fixed 0.12.5+noroms-0ubuntu7.5
	10.04 LTS lucid	Fixed 0.12.3+noroms-0ubuntu9.9
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Notes

jdstrand

adding apparmor tag since qemu-kvm is typically used with libvirt on Ubuntu, and is therefore confined by AppArmor

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu-kvm	Other: http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d Vendor: http://www.debian.org/security/2011/dsa-2230 Vendor: https://rhn.redhat.com/errata/RHSA-2011-0534.html

References

Related Ubuntu Security Notices (USN)