Headline
CVE-2010-0297: '[oss-security] KVM possible security issues fixed'
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
[prev in list] [next in list] [prev in thread] [next in thread] List: oss-security Subject: [oss-security] KVM possible security issues fixed From: Thomas Biege <thomas () suse ! de> Date: 2010-02-02 9:59:13 Message-ID: 201002021059.13521.thomas () suse ! de [Download RAW message or body]
Hello, the following was listed in the changelog of kvm
- slirp: fix use-after-free
- usb-linux.c: fix buffer overflow
- fix potential stack corruption saving MSRs (Eduardo Habkost)
Looks like these are security issues. Does someone know more about? Any details about exploitability etc.
Thanks Thomas
– Thomas Biege [email protected], SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) – Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. – Marie von Ebner-Eschenbach [prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic