CVE-2011-2512

Name of the Vulnerable Software and Affected Versions qemu-kvm version 0.14.0 and earlier

Description The issue allows guest users to cause a denial of service, potentially leading to a guest crash, and possibly execute arbitrary code. This is due to the virtio queue notify in qemu-kvm not properly validating the virtqueue number, which can be bypassed by a negative number in the Queue Notify field of the Virtio Header. Additionally, multiple vulnerabilities in the kvm package of the openSUSE operating system may lead to breaches of confidentiality, integrity, and availability of protected information, exploitable by an authenticated attacker.

Recommendations For qemu-kvm version 0.14.0 and earlier, consider updating to a newer version to mitigate the risk, as the current version does not properly validate the virtqueue number. At the moment, there is no information about a newer version that contains a fix for this vulnerability.