
CVE-2011-3346

Published: 1 April 2014

Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.

Priority

Low

Status

Package Release Status
qemu-kvm
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

upstream Needs triage

Patches:
other: http://repo.or.cz/w/qemu.git/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
other: http://repo.or.cz/w/qemu.git/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a


xen
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

upstream Needs triage

Patches:


vendor: https://rhn.redhat.com/errata/RHSA-2011-1401.html

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
hardy Ignored (reached end-of-life)
lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
hardy Not vulnerable

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
hardy Does not exist

lucid Not vulnerable

maverick Ignored (reached end-of-life)
natty Ignored (reached end-of-life)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

Patches:



vendor: https://rhn.redhat.com/errata/RHSA-2011-1401.html
Binaries built from this source package are in Universe and so are supported by the community.

Notes

Author Note
jdstrand
redhat bug has reproducer
non-privileged user in the guest can crash qemu. Requires write access to a scsi device, e.g. /dev/sr0
this only affected the RedHat xen packages, not qemu. Verified issue does not affect qemu-kvm on Ubuntu 12.04, 11.10, 11.04, 10.10, and 10.04 LTS by attaching a scsi CDROM and performing:
sg_raw -r 32768 /dev/sr0 9E 10 00 00 00 00 00 00 00 00 00 04 00 00 00 00
sg_raw -r 32768 /dev/sr0 9E 10 00 00 00 00 00 00 00 00 00 01 00 00 00 00
hypervisor code for xen is in universe
mdeslaur
code seems different in xen, marking as not-affected

References