CVE-2011-2512 — Improper Input Validation in Group Qemu-kvm

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

0.6%

top 30.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KVM Group Qemu-kvm

Timeline

PublishedJun 21

Latest updateMay 17

Description

The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.

CVSS vector

AV:A/AC:L/C:P/I:P/A:PExploitability: 6.5 | Impact: 6.4

Affected Packages1 packages

▶NVDkvm_group/qemu-kvm0.14.0+1

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-g293-9rv5-w2qx: The virtio_queue_notify in qemu-kvm 0↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

SAP NetWeaver Dispatcher - Multiple Vulnerabilities↗2012-05-09

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2011-07-06

▶

Red Hat

qemu-kvm: OOB memory access caused by negative vq notifies↗2011-05-08

▶

💬Community

Bugzilla

CVE-2011-2512 qemu-kvm: OOB memory access caused by negative vq notifies↗2011-06-28

▶