Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-2512
HistoryJun 21, 2012 - 3:55 p.m.

CVE-2011-2512

2012-06-2115:55:09
CWE-20
[email protected]
web.nvd.nist.gov
43
4
cve
2011
2512
virtio_queue_notify
qemu-kvm
denial of service
guest crash
arbitrary code
nvd

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.

Affected configurations

NVD
Node
kvm_groupqemu-kvmRange0.14.0
OR
kvm_groupqemu-kvmMatch0.12

Social References

More

Related

nessus 8
ubuntucve 1
securityvulns 2
nvd 1
openvas 9
debian 2
prion 1
veracode 1
cvelist 1
ubuntu 1
oraclelinux 1
suse 2
redhat 1
gentoo 1
nessus
nessus
Debian DSA-2270-1 : qemu-kvm - programming error
2011-07-05 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2011-0919)
2013-07-12 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : qemu-kvm vulnerabilities (USN-1165-1)
2011-07-07 00:00:00
ubuntucve
ubuntucve
CVE-2011-2512
2011-07-05 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2270-1] qemu-kvm security update
2011-07-06 00:00:00
kvm code execution
2011-07-26 00:00:00
nvd
nvd
CVE-2011-2512
2012-06-21 15:55:09
openvas
openvas
Debian Security Advisory DSA 2270-1 (qemu-kvm)
2011-08-03 00:00:00
Debian: Security Advisory (DSA-2270-1)
2011-08-03 00:00:00
Oracle: Security Advisory (ELSA-2011-0919)
2015-10-06 00:00:00
debian
debian
[SECURITY] [DSA 2270-1] qemu-kvm security update
2011-07-01 20:51:24
[BSA-039] Security Update for qemu-kvm
2011-07-04 14:46:56
prion
prion
Design/Logic Flaw
2012-06-21 15:55:00
veracode
veracode
Privilege Escalation
2020-04-10 00:59:07
cvelist
cvelist
CVE-2011-2512
2012-06-21 15:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2011-07-06 00:00:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2011-07-05 00:00:00
suse
suse
Security update for KVM (critical)
2011-07-19 07:08:26
kvm (important)
2011-07-19 05:08:14
redhat
redhat
(RHSA-2011:0919) Important: qemu-kvm security and bug fix update
2011-07-05 00:00:00
gentoo
gentoo
qemu-kvm: Multiple vulnerabilities
2012-10-18 00:00:00

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON
Related for CVE-2011-2512
nessus8ubuntucve1securityvulns2nvd1openvas9debian2prion1veracode1cvelist1ubuntu1oraclelinux1suse2redhat1gentoo1