Red Hat Bugzilla – Bug 713589
CVE-2011-2212 qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
Last modified: 2015-07-31 02:46:32 EDT
It was found that virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest user could use this flaw to cause buffer overflow, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host.
Red Hat would like to thank Nelson Elhage for reporting this issue.
This issue only affects Red Hat Enterprise Linux 6. The version of the qemu/kvm
as shipped with Red Hat Enterprise Linux 5 is not affected because it does not provide support for indirect descriptors.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0919 https://rhn.redhat.com/errata/RHSA-2011-0919.html