CVE-2011-3346

NameCVE-2011-3346
DescriptionBuffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)
Debian Bugs646118

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u24fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemu-kvmsource(unstable)0.15.1+dfsg-1medium646118

Notes

[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)

Search for package or bug name: Reporting problems