kvm security update
By causing a hot-unplug of the pci-isa bridge from within
guests the qemu process could access already freed memory.
A privileged user inside the guest could exploit that to
crash the guest instance or potentially execute arbitrary
code on the host (CVE-2011-1751).
The virtio-blk driver did not properly validate read and
write request. A privileged user inside the guest could
exploit that to cause a heap corruption and crash the guest
instance or potentially execute arbitrary code on the host
(CVE-2011-1750).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4582
Fixed bugs
bnc#690781
VUL-0: qemu/qemu-kvm code execution
bnc#689895
VUL-0: qemu-kvm: heap corruption
CVE#CVE-2011-1751
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-1750
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
