CVE-2011-1750 - OpenCVE

Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html
http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html
http://rhn.redhat.com/errata/RHSA-2011-0534.html
http://secunia.com/advisories/44132	Vendor Advisory
http://secunia.com/advisories/44393	Vendor Advisory
http://secunia.com/advisories/44658	Vendor Advisory
http://secunia.com/advisories/44660	Vendor Advisory
http://secunia.com/advisories/44900	Vendor Advisory
http://www.osvdb.org/73756
https://exchange.xforce.ibmcloud.com/vulnerabilities/67062
https://hermes.opensuse.org/messages/8572547
https://www.debian.org/security/2011/dsa-2230
https://www.ubuntu.com/usn/USN-1145-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-21T15:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2011-04-19T00:00:00

Link: CVE-2011-1750

JSON object: View

NVD Information

Status : Modified

Published: 2012-06-21T15:55:08.880

Modified: 2023-02-13T04:30:48.463

Link: CVE-2011-1750

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-2230", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2011/dsa-2230"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d"}, {"name": "RHSA-2011:0534", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html"}, {"name": "[Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html"}, {"name": "44393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44393"}, {"name": "44658", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44658"}, {"name": "SUSE-SU-2011:0533", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://hermes.opensuse.org/messages/8572547"}, {"name": "kvm-virtioblk-priv-escalation(67062)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67062"}, {"name": "44660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44660"}, {"name": "[Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html"}, {"name": "73756", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/73756"}, {"name": "USN-1145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://www.ubuntu.com/usn/USN-1145-1/"}, {"name": "44900", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44900"}, {"name": "openSUSE-SU-2011:0510", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html"}, {"name": "44132", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44132"}, {"name": "FEDORA-2012-8604", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1750", "datePublished": "2012-06-21T15:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de bufer basado en memoria din\u00e1mica en el controlador virtio-BLK (hw/virtio-blk.c) en qemu-kvm v0.14.0 permiten causar una denegaci\u00f3n de servicio y posiblemente obtener privilegios a los usuarios locales invitados a trav\u00e9s de (1) una petici\u00f3n de escritura a la funci\u00f3n virtio_blk_handle_write o (2) una solicitud de lectura a la funci\u00f3n virtio_blk_handle_read que no est\u00e1 correctamente alineada."}], "id": "CVE-2011-1750", "lastModified": "2023-02-13T04:30:48.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T15:55:08.880", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"}, {"source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44132"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44393"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44658"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44660"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44900"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/73756"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67062"}, {"source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/8572547"}, {"source": "secalert@redhat.com", "url": "https://www.debian.org/security/2011/dsa-2230"}, {"source": "secalert@redhat.com", "url": "https://www.ubuntu.com/usn/USN-1145-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}