Bug 717199 - (CVE-2011-2511) CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
public=20110624,reported=20110624,sou...
Keywords: Security
Depends On: 717202 717203 717204 717206 717207
Reported: 2011-06-28 07:15 EDT by Petr Matousek
Modified: 2016-03-04 05:49 EST
Doc Type: Bug Fix
Last Closed: 2012-10-04 16:14:28 EDT


Description Petr Matousek 2011-06-28 07:15:54 EDT
It has been found that calling VirDomainGetVcpus with bogus parameters can lead to integer overflow and subsequent heap corruption. A remote attacker could use this flaw to crash libvirtd (DoS).

Upstream patch:
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
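
The bug class described above, as an added example that is not libvirt's code or the upstream patch: a size limit checked on the product of two caller-supplied 32-bit counts wraps, while a division-based check does not. The function names, the `EXAMPLE_MAX_BYTES` limit and the two-count shape are assumptions; the page does not show the affected code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap on the reply buffer, chosen for this example. */
#define EXAMPLE_MAX_BYTES 16384u

/* Flawed limit check: the 32-bit product wraps modulo 2^32 before it is
 * compared, so huge counts can yield a small "size" that passes. */
static bool size_ok_flawed(uint32_t count, uint32_t item_len)
{
    return count * item_len <= EXAMPLE_MAX_BYTES;
}

/* Hardened check: compare by division so nothing can wrap, and hand back
 * the verified size for the allocation. Zero counts are rejected here as
 * a policy choice of this example. */
static bool size_ok_checked(uint32_t count, uint32_t item_len, size_t *total)
{
    if (count == 0 || item_len == 0)
        return false;
    if (count > EXAMPLE_MAX_BYTES / item_len)
        return false;
    *total = (size_t)count * item_len;
    return true;
}

int main(void)
{
    /* Constructed inputs: a sane request, then two whose products wrap
     * to 0 and to 4 in 32-bit arithmetic. */
    const uint32_t cases[][2] = { {4, 8}, {65536u, 65536u}, {0x40000001u, 4} };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        size_t total = 0;
        bool flawed = size_ok_flawed(cases[i][0], cases[i][1]);
        bool checked = size_ok_checked(cases[i][0], cases[i][1], &total);
        printf("count=%u item_len=%u flawed=%s checked=%s\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               flawed ? "accept" : "reject", checked ? "accept" : "reject");
    }
    return 0;
}
```

A request that passes the flawed check with a wrapped size leads to a buffer far smaller than the per-item loop that follows expects, which is how the overflow turns into heap corruption.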
Comment 3 Petr Matousek 2011-06-28 07:27:21 EDT
Created libvirt tracking bugs for this issue

Affects: fedora-all [bug 717204]
Comment 5 errata-xmlrpc 2011-07-21 06:31:10 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1019 https://rhn.redhat.com/errata/RHSA-2011-1019.html
Comment 6 errata-xmlrpc 2011-07-21 08:30:50 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:1019 https://rhn.redhat.com/errata/RHSA-2011-1019.html
Comment 7 errata-xmlrpc 2011-08-23 10:40:29 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1197 https://rhn.redhat.com/errata/RHSA-2011-1197.html
Comment 8 Eric Blake 2012-10-04 12:48:19 EDT
Any reason this bug is still marked NEW when all dependent bugs have been closed?
Comment 9 Petr Matousek 2012-10-04 16:14:28 EDT
(In reply to comment #8)
> Any reason this bug is still marked NEW when all dependent bugs have been
> closed?

No reason, we can close this bug now. Thanks Eric.
