CVE-2011-2212

Name of the Vulnerable Software and Affected Versions qemu-kvm version 0.14.0 and earlier

Description The issue is related to a buffer overflow in the virtio subsystem, allowing privileged guest users to cause a denial of service or gain privileges via a crafted indirect descriptor. This is related to "virtqueue in and out requests." Additionally, there are multiple vulnerabilities in the kvm package of the openSUSE operating system that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by an attacker who has passed the authentication procedure.

Recommendations For qemu-kvm version 0.14.0 and earlier, consider updating to a newer version to mitigate the risk, as the current version allows for potential denial of service or privilege escalation. As a temporary workaround, consider restricting access to the virtio subsystem until a patch is available. Avoid using crafted indirect descriptors related to "virtqueue in and out requests" in the affected qemu-kvm versions until the issue is resolved.