Release date:
Updated on:
Affected Systems:
RedHat Enterprise Linux Workstation 6
RedHat Enterprise Linux Server 6
RedHat Enterprise Linux HPC Node 6
RedHat Enterprise Linux Desktop 6
QEMU
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48574
Cve id: CVE-2011-2212
QEMU is an open source simulator software.
Qemu kvm has the Local Privilege Escalation Vulnerability in the virtqueue implementation. Local attackers can exploit this vulnerability to execute arbitrary code on the host operating system or cause the client operating system to crash. This vulnerability affects Virtio components.
This vulnerability is caused by a boundary error in the VirtIO implementation when the queue request is sent. A specially crafted queue request can cause a buffer overflow.
<* Source: Nelson Elhage (nelhage@mit.edu)
Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 713589
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://fabrice.bellard.free.fr/qemu/