oss-sec mailing list archives

CVE request -- qemu-kvm: virtio-blk: heap buffer overflow caused by unaligned requests


From: Petr Matousek <pmatouse () redhat com>
Date: Fri, 22 Apr 2011 05:08:15 -0400 (EDT)

"It was found that virtio-blk driver in qemu-kvm did not properly validate 
read and write requests from the guest. A privileged guest user could use
this flaw to cause heap corruption, causing the guest to crash (denial of
service) or, possibly, resulting in the privileged guest user escalating
their privileges on the host."

References:
http://www.spinics.net/lists/kvm/msg51877.html
https://bugzilla.redhat.com/show_bug.cgi?id=698906

Upstream commit:
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d

Thanks,
--
Petr Matousek / Red Hat Security Response Team

