Launchpad CVE tracker

CVE 2011-2212

Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."

Related bugs and status

CVE-2011-2212 (Candidate) is related to these bugs:

Bug #806166: CVE-2011-2512

Summary				In	Importance	Status
	806166	CVE-2011-2512		qemu-kvm (Ubuntu)	Medium	Fix Released
	806166	CVE-2011-2512		qemu-kvm (Ubuntu Oneiric)	Medium	Fix Released

Bug #806167: CVE-2011-2212

Summary				In	Importance	Status
	806167	CVE-2011-2212		qemu-kvm (Ubuntu)	Medium	Fix Released
	806167	CVE-2011-2212		qemu-kvm (Ubuntu Oneiric)	Medium	Fix Released

Bug #878162: [MIR] qemu-kvm pulls packages from universe

Summary				In	Importance	Status
	878162	[MIR] qemu-kvm pulls packages from universe		qemu-kvm (Ubuntu)	High	Fix Released

Bug #1029201: qemu-system-x86_64 crashed with SIGSEGV in virtio_pci_mask_vq()

Summary				In	Importance	Status
	1029201	qemu-system-x86_64 crashed with SIGSEGV in virtio_pci_mask_vq()		qemu-kvm (Ubuntu)	Critical	Fix Released
	1029201	qemu-system-x86_64 crashed with SIGSEGV in virtio_pci_mask_vq()		qemu-kvm (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2212

References