Bug 717199 (CVE-2011-2511) - CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Summary: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2511
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 717202 717203 717204 717206 717207
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-06-28 11:15 UTC by Petr Matousek
Modified: 2019-09-29 12:45 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-04 20:14:28 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1019 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2011-07-21 10:31:00 UTC
Red Hat Product Errata RHSA-2011:1197 normal SHIPPED_LIVE Moderate: libvirt security and bug fix update 2011-08-23 14:40:22 UTC

Description Petr Matousek 2011-06-28 11:15:54 UTC
It has been found that calling VirDomainGetVcpus with bogus parameters can lead to integer overflow and subsequent heap corruption. A remote attacker could use this flaw to crash libvirtd (DoS).

Upstream patch:
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html

Comment 3 Petr Matousek 2011-06-28 11:27:21 UTC
Created libvirt tracking bugs for this issue

Affects: fedora-all [bug 717204]

Comment 5 errata-xmlrpc 2011-07-21 10:31:10 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1019 https://rhn.redhat.com/errata/RHSA-2011-1019.html

Comment 6 errata-xmlrpc 2011-07-21 12:30:50 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1019 https://rhn.redhat.com/errata/RHSA-2011-1019.html

Comment 7 errata-xmlrpc 2011-08-23 14:40:29 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1197 https://rhn.redhat.com/errata/RHSA-2011-1197.html

Comment 8 Eric Blake 2012-10-04 16:48:19 UTC
Any reason this bug is still marked NEW when all dependent bugs have been closed?

Comment 9 Petr Matousek 2012-10-04 20:14:28 UTC
(In reply to comment #8)
> Any reason this bug is still marked NEW when all dependent bugs have been
> closed?

No reason, we can close this bug now. Thanks Eric.


Note You need to log in before you can comment on or make changes to this bug.