CVE-2011-2512
qemu-kvm < 0.14.0 - Denial of Service via Negative Virtqueue Number
Title source: llmDescription
The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.
References (14)
Core 14
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-0919.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45170
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/28/13
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44648
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/29/15
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45301
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45158
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/74751
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44458
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1165-1
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2011/dsa-2270
Various Sources vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/9605323
Scores
EPSS
0.0190
EPSS Percentile
77.3%
Details
CWE
CWE-20
Status
published
Products (2)
kvm_group/qemu-kvm
0.12
kvm_group/qemu-kvm
< 0.14.0
Published
Jun 21, 2012
Tracked Since
Feb 18, 2026