5.8
CVE-2011-2512
- EPSS 1.9%
- Published 21.06.2012 15:55:09
- Last modified 16.06.2026 23:31:29
- Source secalert@redhat.com
The virtio_queue_notify function in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.77 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 6.5 | 6.4 | AV:A/AC:L/Au:N/C:P/I:P/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/44458
http://secunia.com/advisories/44648
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html
http://rhn.redhat.com/errata/RHSA-2011-0919.html
http://secunia.com/advisories/45158
http://secunia.com/advisories/45170
http://secunia.com/advisories/45301
http://ubuntu.com/usn/usn-1165-1
http://www.osvdb.org/74751
https://hermes.opensuse.org/messages/9605323
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=7157e2e23e89adcd436caeab31fdd6b47eded377
http://www.openwall.com/lists/oss-security/2011/06/28/13
http://www.openwall.com/lists/oss-security/2011/06/29/15
https://www.debian.org/security/2011/dsa-2270