It was found that virtio-blk driver in qemu-kvm did not properly validate read and write requests from the guest. A privileged guest user could use this flaw to cause heap corruption, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. On RHEL ExecShield (glibc heap/memory checks) mitigates this issue. References: http://www.spinics.net/lists/kvm/msg51877.html Upstream commit: http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d
Created qemu tracking bugs for this issue Affects: fedora-all [bug 698911]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0534 https://rhn.redhat.com/errata/RHSA-2011-0534.html
Statement: This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5.
qemu-0.14.0-9.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.