PT-2014-2145 · Qemu+1 · Qemu+1

Paolo Bonzini

·

Publicado

2011-10-24

·

Atualizado

2023-02-13

·

CVE-2011-3346

CVSS v2.0

4.0

Média

VetorAV:L/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions QEMU versions prior to 0.15.2
Description A buffer overflow issue exists in the SCSI subsystem of QEMU, which could allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. This issue is only considered a vulnerability when specific permissions or ACLs have been manually modified by root.
Recommendations For QEMU versions prior to 0.15.2, update to version 0.15.2 or later to resolve the issue.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2011-3346
RHSA-2011:1401
RHSA-2011_1401

Produtos afetados

Qemu
Red Hat