oss-sec mailing list archives
qemu: CVE-2011-3346
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 20 Oct 2011 11:10:17 +0200
CVE-2011-3346 qemu: local DoS with SCSI CD-ROM

Paolo Bonzini of Red Hat found a buffer overflow in QEMU's SCSI subsystem. hw/scsi-disk.c tries to zero a user-provided number of bytes in a fixed-size buffer. An unprivileged local guest user can potentially use this flaw to crash the guest.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=736038
https://bugzilla.redhat.com/show_bug.cgi?id=736038#c1

Upstream patches:
http://repo.or.cz/w/qemu.git/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
http://repo.or.cz/w/qemu.git/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a

Thanks,
--
Petr Matousek / Red Hat Security Response Team
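
The bug class named in the advisory, zeroing a guest-supplied number of bytes in a fixed-size buffer, modelled next to a bounded version. This is an added example, not part of the original post and not QEMU's code or the upstream fix; the struct, the function names and the 64-byte size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an emulated device's fixed-size reply buffer.
 * Names and sizes are hypothetical, not taken from hw/scsi-disk.c. */
#define REPLY_BUF_SIZE 64u

struct reply {
    uint8_t buf[REPLY_BUF_SIZE];
    uint8_t canary[8];   /* stands in for whatever lives after the buffer */
};

/* Flawed pattern: the guest-chosen length is trusted, so any value above
 * REPLY_BUF_SIZE makes memset write past buf. Shown only for contrast. */
void zero_reply_unchecked(struct reply *r, uint32_t guest_len)
{
    memset(r->buf, 0, guest_len);
}

/* Hardened pattern: clamp the guest-chosen length to the buffer size
 * before writing; returns the number of bytes actually zeroed. */
size_t zero_reply_checked(struct reply *r, uint32_t guest_len)
{
    size_t n = guest_len < sizeof(r->buf) ? guest_len : sizeof(r->buf);
    memset(r->buf, 0, n);
    return n;
}

/* Runs the checked path and returns 1 if the bytes after buf are intact. */
int demo_checked(uint32_t guest_len, size_t *zeroed)
{
    struct reply r;
    memset(r.buf, 0xFF, sizeof(r.buf));
    memset(r.canary, 0xA5, sizeof(r.canary));
    *zeroed = zero_reply_checked(&r, guest_len);
    for (size_t i = 0; i < sizeof(r.canary); i++)
        if (r.canary[i] != 0xA5) return 0;
    return 1;
}

int main(void)
{
    size_t n;
    int ok = demo_checked(4096, &n);   /* constructed oversized request */
    printf("zeroed=%zu canary_intact=%d\n", n, ok);
    return ok ? 0 : 1;
}
```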