CVE-2011-2512

qemu-kvm < 0.14.0 - Denial of Service via Negative Virtqueue Number

Title source: llm
STIX 2.1

Description

The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-0919.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45170
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/28/13
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44648
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/29/15
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45301
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45158
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/74751
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44458
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1165-1
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2011/dsa-2270
Various Sources vendor-advisory x_refsource_suse
https://hermes.opensuse.org/messages/9605323

Scores

EPSS 0.0190
EPSS Percentile 77.3%

Details

CWE
CWE-20
Status published
Products (2)
kvm_group/qemu-kvm 0.12
kvm_group/qemu-kvm < 0.14.0
Published Jun 21, 2012
Tracked Since Feb 18, 2026