CVE-2011-2512 - CERT CVE
ID CVE-2011-2512
Sažetak The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.
Reference
CVSS
Base: 5.8
Impact: 6.4
Exploitability:6.5
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:A/AC:L/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 13-02-2023 - 01:19
Objavljeno 21-06-2012 - 15:55