CVE-2011-3346

Name of the Vulnerable Software and Affected Versions QEMU versions prior to 0.15.2

Description A buffer overflow issue exists in the SCSI subsystem of QEMU, which could allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. This issue is only considered a vulnerability when specific permissions or ACLs have been manually modified by root.

Recommendations For QEMU versions prior to 0.15.2, update to version 0.15.2 or later to resolve the issue.