The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of QEMU-KVM: buffer overflow via virtio-blk

Synthesis of the vulnerability 

A privileged attacker in a QEMU-KVM guest can trigger a buffer overflow in order to crash the host system or to execute code on it.
Impacted systems: Debian, Fedora, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity of this alert: 1/4.
Creation date: 22/04/2011.
References of this alert: BID-47546, CVE-2011-1750, DSA-2230-1, FEDORA-2012-8592, FEDORA-2012-8604, openSUSE-SU-2011:0510-1, RHSA-2011:0534-01, SUSE-SR:2011:010, SUSE-SU-2011:0533-1, VIGILANCE-VUL-10595.

Description of the vulnerability 

QEMU-KVM relies on the KVM kernel module, and can use VIRTIO paravirtualized devices to communicate efficiently with the guest kernel.

The hw/virtio-blk.c file implements support for block devices, such as hard drives. However, the virtio_blk_handle_write() and virtio_blk_handle_read() functions do not check whether the size of a request is a multiple of the block size. A request with an unaligned length therefore leads to a buffer overflow.

These malformed requests can only be issued by an administrator of the guest system.

A privileged attacker in a QEMU-KVM guest can therefore trigger a buffer overflow in order to crash the host system or to execute code on it.
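The missing check, shown as an added illustration that is not QEMU's own code: a stand-alone validation routine that rejects a virtio-blk request whose length is not a multiple of the logical block size (the case this bulletin describes) before any data is copied, and also refuses misaligned or out-of-range requests. The structures, field names and the REQ_OK/REQ_IOERR result codes are assumed for this example.

```c
/* Added example, not QEMU's code: a request-validation helper modelled on
 * the check the bulletin describes as missing from virtio_blk_handle_read()
 * and virtio_blk_handle_write(). All names and values here are assumed. */
#include <stdint.h>
#include <stddef.h>

#define SECTOR_SIZE 512u

/* Minimal stand-in for the device configuration the handler consults. */
struct blk_dev {
    uint32_t logical_block_size;  /* e.g. 512 or 4096 bytes */
    uint64_t capacity_sectors;    /* device size in 512-byte sectors */
};

/* Guest-controlled request descriptor (constructed for this example). */
struct blk_req {
    uint64_t sector;    /* start sector, in 512-byte units */
    size_t   iov_size;  /* total bytes covered by the guest's scatter-gather list */
};

enum { REQ_OK = 0, REQ_IOERR = -1 };

/* Returns REQ_OK only for requests the data path may act on. Rejects the
 * case in the bulletin (length not a multiple of the block size), a start
 * sector that is not block-aligned, and a range running past the device. */
int virtio_blk_req_check(const struct blk_dev *dev, const struct blk_req *req)
{
    uint64_t sectors_per_block = dev->logical_block_size / SECTOR_SIZE;
    if (sectors_per_block == 0)
        return REQ_IOERR;  /* nonsensical device configuration */
    if (req->iov_size == 0 || req->iov_size % dev->logical_block_size != 0)
        return REQ_IOERR;  /* partial block: an unchecked copy would run past the buffer */
    if (req->sector % sectors_per_block != 0)
        return REQ_IOERR;  /* start sector not aligned to a logical block */
    uint64_t nsectors = req->iov_size / SECTOR_SIZE;
    if (req->sector > dev->capacity_sectors ||
        nsectors > dev->capacity_sectors - req->sector)
        return REQ_IOERR;  /* would read or write beyond the end of the device */
    return REQ_OK;
}
```

A handler that fails this check should complete the request with an I/O error status back to the guest instead of touching the backing store.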

This computer vulnerability alert impacts software or systems such as Debian, Fedora, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer threat alert is low.

The trust level is "confirmed by the vendor", and the attack origin is a privileged shell.

An attacker with an expert ability can exploit this security vulnerability.

Solutions for this threat 

QEMU-KVM: patch for virtio-blk.
A patch is available in information sources.

Debian: new qemu-kvm packages.
New packages are available:
  qemu-kvm 0.12.5+dfsg-5+squeeze1

Fedora: new qemu packages.
New packages are available:
  qemu-0.14.0-9.fc15
  qemu-0.15.1-5.fc16

openSUSE: new kvm packages.
New packages are available:
 - openSUSE 11.3 : kvm-0.12.5-1.4.1
 - openSUSE 11.4 : kvm-0.14.0.0-1.6.1

RHEL 6: new qemu-kvm packages (19/05/2011).
New packages are available:
  qemu-kvm-0.12.1.2-2.160.el6

SUSE LE 11: new kvm packages.
New packages are available:
  kvm-0.12.5-1.8.1

SUSE: new packages (31/05/2011).
New packages are available, as indicated in information sources.
