CVE-2011-3346
QEMU < 0.15.2 - Denial of Service via Crafted SAI READ CAPACITY SCSI Command
Title source: llmDescription
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
References (6)
Core References
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://www.redhat.com/support/errata/RHSA-2011-1401.html
Exploit, Patch [x_refsource_confirm]: https://github.com/bonzini/qemu/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a
Exploit, Patch [x_refsource_confirm]: https://github.com/bonzini/qemu/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
Patch [x_refsource_confirm]: http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
Mailing List [mailing-list, x_refsource_mlist]: http://www.openwall.com/lists/oss-security/2011/10/20/2
Issue Tracking [x_refsource_confirm]: https://bugzilla.redhat.com/show_bug.cgi?id=736038
Scores
EPSS: 0.0012
EPSS Percentile: 30.3%
Details
CWE: CWE-119
Status: published
Products (4)
qemu/qemu: 0.15.0 rc1 (2 CPE variants)
qemu/qemu: < 0.15.1
redhat/enterprise_linux: 5
xen/xen
Published: Apr 01, 2014
Tracked Since: Feb 18, 2026