CVE-2011-1750

Name of the Vulnerable Software and Affected Versions qemu-kvm version 0.14.0

Description The issue is related to multiple heap-based buffer overflows in the virtio-blk driver. This can be exploited by local guest users to cause a denial of service, potentially leading to a guest crash, and may also allow them to gain privileges. The exploitation can occur through a write request to the virtio blk handle write function or a read request to the virtio blk handle read function that is not properly aligned.

Recommendations For qemu-kvm version 0.14.0, consider updating to a newer version that addresses the buffer overflow issues in the virtio-blk driver. As a temporary workaround, restrict access to the virtio blk handle write and virtio blk handle read functions to minimize the risk of exploitation.