ID OPENVAS:136141256231072520 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2018-10-12T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 201210-04.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: glsa_201210_04.nasl 11859 2018-10-12 08:53:01Z cfischer $
#
# Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
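# Description phase: registers this VT's metadata with the scanner and exits.
# Nothing in this block touches the target; the actual check is the
# statement run after the include() lines.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.72520");

  # CVSS v2 base score and vector (adjacent network, medium complexity,
  # single authentication, complete C/I/A impact).
  script_tag(name:"cvss_base", value:"7.4");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:M/Au:S/C:C/I:C/A:C");
  script_cve_id("CVE-2011-1750", "CVE-2011-1751", "CVE-2011-2212", "CVE-2011-2512", "CVE-2012-0029", "CVE-2012-2652");
  script_version("$Revision: 11859 $");
  script_tag(name:"last_modification", value:"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $");
  script_tag(name:"creation_date", value:"2012-10-22 08:43:44 -0400 (Mon, 22 Oct 2012)");
  script_name("Gentoo Security Advisory GLSA 201210-04 (ebuild)");

  # ACT_GATHER_INFO: the VT only evaluates collected data.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("Gentoo Local Security Checks");

  # The check depends on the package list gathered by gather-package-list.nasl
  # and runs only when both knowledge-base keys below are present.
  # NOTE(review): presumably these keys are set after an authenticated SSH
  # login to a Gentoo host; without credentials this VT yields no result,
  # which must not be read as "not vulnerable".
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");

  # Affected range mirrors the ispkgvuln() call in the check below.
  script_tag(name:"affected", value:"app-emulation/qemu-kvm versions before 1.1.1-r1 on Gentoo.");

  # Impact wording follows GLSA 201210-04 rather than stating code execution
  # as the only, certain outcome.
  script_tag(name:"insight", value:"Multiple vulnerabilities were found in qemu-kvm. According to the advisory,
they allow a remote attacker to cause a Denial of Service condition on the
host server or qemu process, and might allow for arbitrary code execution or
a symlink attack when qemu-kvm is in snapshot mode.");

  # The package atom stays on the same line as the emerge command so the
  # remediation can be copied as one working command.
  script_tag(name:"solution", value:"All qemu-kvm users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=app-emulation/qemu-kvm-1.1.1-r1'");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201210-04");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=364889");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=365259");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=372411");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=373997");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=400595");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=430456");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 201210-04.");

  # qod_type "package": the finding rests on the installed package version,
  # not on exercising the flaws themselves.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  # End of the description phase.
  exit(0);
}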
include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");
# Check phase: compare the installed app-emulation/qemu-kvm version against
# the fixed version from GLSA 201210-04 and report when it is older.
# NOTE(review): ispkgvuln() and __pkg_match are not defined in this file;
# presumably they come from pkg-lib-gentoo.inc - confirm there.
# NOTE(review): this is a package-version check only. It cannot tell whether
# qemu-kvm processes started before the upgrade are still running the old
# code, so running guests should be restarted after updating.
report = "";
res = "";

# A non-NULL result is the report text for a vulnerable package version.
res = ispkgvuln(pkg:"app-emulation/qemu-kvm", unaffected: make_list("ge 1.1.1-r1"), vulnerable: make_list("lt 1.1.1-r1"));
if(res != NULL) {
  report += res;
}

if(report == "") {
  # Nothing to report: exit code 99 marks the host as not vulnerable, but
  # only when the package was actually matched on the host.
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231072520", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 201210-04 (ebuild)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201210-04.", "published": "2012-10-22T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072520", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": ["http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201210-04", "http://bugs.gentoo.org/show_bug.cgi?id=372411", "http://bugs.gentoo.org/show_bug.cgi?id=400595", "http://bugs.gentoo.org/show_bug.cgi?id=373997", "http://bugs.gentoo.org/show_bug.cgi?id=365259", "http://bugs.gentoo.org/show_bug.cgi?id=430456", "http://bugs.gentoo.org/show_bug.cgi?id=364889"], "cvelist": ["CVE-2011-2212", "CVE-2012-2652", "CVE-2012-0029", "CVE-2011-2512", "CVE-2011-1750", "CVE-2011-1751"], "lastseen": "2019-05-29T18:39:19", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-201210-04"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310840695", "OPENVAS:870639", "OPENVAS:1361412562310122168", "OPENVAS:870605", "OPENVAS:840695", "OPENVAS:840677", "OPENVAS:72520", "OPENVAS:1361412562310840677", "OPENVAS:1361412562310122140", "OPENVAS:1361412562310870639"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1145-1.NASL", "SUSE_11_KVM-110518.NASL", "SUSE_11_4_KVM-110518.NASL", "REDHAT-RHSA-2011-0919.NASL", "ORACLELINUX_ELSA-2011-0919.NASL", "SUSE_11_3_KVM-110518.NASL", "SUSE_11_4_KVM-110711.NASL", "SL_20110519_QEMU_KVM_ON_SL6_X.NASL", "REDHAT-RHSA-2011-0534.NASL", "GENTOO_GLSA-201210-04.NASL"]}, {"type": "cve", "idList": ["CVE-2012-0029", "CVE-2011-1750", "CVE-2011-2512", "CVE-2012-2652", "CVE-2011-1751", "CVE-2011-2212"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2270-1:25AA0", "DEBIAN:BSA-039:B3390", 
"DEBIAN:DSA-2241-1:E59FF", "DEBIAN:DSA-2396-1:86D57", "DEBIAN:DSA-2404-1:77187"]}, {"type": "redhat", "idList": ["RHSA-2011:0919", "RHSA-2011:0534", "RHSA-2012:0370"]}, {"type": "ubuntu", "idList": ["USN-1165-1", "USN-1145-1", "USN-1522-1"]}, {"type": "suse", "idList": ["SUSE-SU-2011:0806-1", "OPENSUSE-SU-2011:0803-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0534", "ELSA-2011-0919", "ELSA-2012-0370"]}, {"type": "fedora", "idList": ["FEDORA:89C00219DA", "FEDORA:3E118212FC", "FEDORA:13FD320DF5", "FEDORA:9BE8D212EA", "FEDORA:BB441201DF"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12172", "SECURITYVULNS:DOC:26610", "SECURITYVULNS:DOC:28341", "SECURITYVULNS:VULN:11764", "SECURITYVULNS:VULN:12498", "SECURITYVULNS:DOC:26415", "SECURITYVULNS:VULN:11641"]}], "modified": "2019-05-29T18:39:19", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2019-05-29T18:39:19", "rev": 2}, "vulnersScore": 8.5}, "pluginID": "136141256231072520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201210_04.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72520\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\", \"CVE-2011-2212\", \"CVE-2011-2512\", \"CVE-2012-0029\", \"CVE-2012-2652\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-22 08:43:44 -0400 (Mon, 22 Oct 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201210-04 (ebuild)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in qemu-kvm, allowing attackers\n to execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"All qemu-kvm users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-emulation/qemu-kvm-1.1.1-r1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201210-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=364889\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=365259\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372411\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373997\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=400595\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=430456\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201210-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-emulation/qemu-kvm\", unaffected: make_list(\"ge 1.1.1-r1\"), vulnerable: make_list(\"lt 1.1.1-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"gentoo": [{"lastseen": "2016-09-06T19:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2212", "CVE-2012-2652", "CVE-2012-0029", "CVE-2011-2512", "CVE-2011-1750", "CVE-2011-1751"], "edition": 1, "description": "### Background\n\nqemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.\n\n### Description\n\nMultiple vulnerabilities have been discovered in qemu-kvm. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or qemu process, might allow for arbitrary code execution or a symlink attack when qemu-kvm is in snapshot mode. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll qemu-kvm users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-kvm-1.1.1-r1\"", "modified": "2012-10-18T00:00:00", "published": "2012-10-18T00:00:00", "id": "GLSA-201210-04", "href": "https://security.gentoo.org/glsa/201210-04", "type": "gentoo", "title": "qemu-kvm: Multiple vulnerabilities", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2012-2652", "CVE-2012-0029", "CVE-2011-2512", "CVE-2011-1750", "CVE-2011-1751"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201210-04.", "modified": "2017-07-07T00:00:00", "published": "2012-10-22T00:00:00", "id": "OPENVAS:72520", "href": "http://plugins.openvas.org/nasl.php?oid=72520", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201210-04 (ebuild)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 
E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in qemu-kvm, allowing attackers\n to execute arbitrary code.\";\ntag_solution = \"All qemu-kvm users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-emulation/qemu-kvm-1.1.1-r1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201210-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=364889\nhttp://bugs.gentoo.org/show_bug.cgi?id=365259\nhttp://bugs.gentoo.org/show_bug.cgi?id=372411\nhttp://bugs.gentoo.org/show_bug.cgi?id=373997\nhttp://bugs.gentoo.org/show_bug.cgi?id=400595\nhttp://bugs.gentoo.org/show_bug.cgi?id=430456\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201210-04.\";\n\n \n \nif(description)\n{\n script_id(72520);\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\", \"CVE-2011-2212\", \"CVE-2011-2512\", \"CVE-2012-0029\", \"CVE-2012-2652\");\n script_version(\"$Revision: 6593 
$\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-22 08:43:44 -0400 (Mon, 22 Oct 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201210-04 (ebuild)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-emulation/qemu-kvm\", unaffected: make_list(\"ge 1.1.1-r1\"), vulnerable: make_list(\"lt 1.1.1-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:56:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "Check for the Version of qemu-kvm", "modified": "2018-01-08T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:870639", "href": "http://plugins.openvas.org/nasl.php?oid=870639", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2011:0534-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2011:0534-01\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\n for running virtual machines using KVM.\n\n It was found that the virtio-blk driver in qemu-kvm did not properly\n validate read and write requests from guests. A privileged guest user could\n use this flaw to crash the guest or, possibly, execute arbitrary code on\n the host. (CVE-2011-1750)\n\n It was found that the PIIX4 Power Management emulation layer in qemu-kvm\n did not properly check for hot plug eligibility during device removals. A\n privileged guest user could use this flaw to crash the guest or, possibly,\n execute arbitrary code on the host. 
(CVE-2011-1751)\n\n Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.\n\n This update also fixes several bugs and adds various enhancements.\n Documentation for these bug fixes and enhancements will be available\n shortly from the Technical Notes document, linked to in the References\n section.\n\n All users of qemu-kvm should upgrade to these updated packages, which\n contain backported patches to resolve these issues, and fix the bugs and\n add the enhancements noted in the Technical Notes. After installing this\n update, shut down all running virtual machines. Once all virtual machines\n have shut down, start them again for this update to take effect.\n\n 4. Solution:\n\n Before applying this update, make sure all previously-released errata\n relevant to your system have been applied.\n\n This update is available via the Red Hat Network. Details on how to\n use the Red Hat Network to apply this update are available at\n https://access.redhat.com/kb/docs/DOC-11259\n\n 5. Bugs fixed http://bugzilla.redhat.com/\";\n\ntag_affected = \"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00013.html\");\n script_id(870639);\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:38:30 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n script_xref(name: \"RHSA\", value: \"2011:0534-01\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2011:0534-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qemu-kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", 
rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "Oracle Linux Local Security Checks ELSA-2011-0534", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122168", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0534", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0534.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122168\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:10 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0534\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0534 - qemu-kvm security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0534\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0534.html\");\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-img\", 
rpm:\"qemu-img~0.12.1.2~2.160.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.160.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.160.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1145-1", "modified": "2019-03-13T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:1361412562310840677", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840677", "type": "openvas", "title": "Ubuntu Update for qemu-kvm USN-1145-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1145_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for qemu-kvm USN-1145-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1145-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840677\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_xref(name:\"USN\", value:\"1145-1\");\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1145-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1145-1\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that QEMU did not properly perform validation of I/O\n operations from the guest which could lead to heap corruption. 
An attacker\n could exploit this to cause a denial of service of the guest or possibly\n execute code with the privileges of the user invoking the program.\n (CVE-2011-1750)\n\n Nelson Elhage discoverd that QEMU did not properly handle memory when\n removing ISA devices. An attacker could exploit this to cause a denial of\n service of the guest or possibly execute code with the privileges of the\n user invoking the program. (CVE-2011-1751)\n\n When using QEMU with libvirt or virtualization management software based on\n libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated\n by an AppArmor profile by default in Ubuntu.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+noroms-0ubuntu7.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.5+noroms-0ubuntu7.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.5+noroms-0ubuntu7.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.3+noroms-0ubuntu9.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.3+noroms-0ubuntu9.9\", rls:\"UBUNTU10.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.0+noroms-0ubuntu4.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1145-1", "modified": "2017-12-01T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:840677", "href": "http://plugins.openvas.org/nasl.php?oid=840677", "type": "openvas", "title": "Ubuntu Update for qemu-kvm USN-1145-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1145_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for qemu-kvm USN-1145-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that QEMU did not properly perform validation of I/O\n operations from the guest which could lead to heap corruption. An attacker\n could exploit this to cause a denial of service of the guest or possibly\n execute code with the privileges of the user invoking the program.\n (CVE-2011-1750)\n\n Nelson Elhage discovered that QEMU did not properly handle memory when\n removing ISA devices. An attacker could exploit this to cause a denial of\n service of the guest or possibly execute code with the privileges of the\n user invoking the program. (CVE-2011-1751)\n \n When using QEMU with libvirt or virtualization management software based on\n libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated\n by an AppArmor profile by default in Ubuntu.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1145-1\";\ntag_affected = \"qemu-kvm on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1145-1/\");\n script_id(840677);\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_xref(name: \"USN\", value: \"1145-1\");\n script_cve_id(\"CVE-2011-1750\", 
\"CVE-2011-1751\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1145-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+noroms-0ubuntu7.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.5+noroms-0ubuntu7.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.5+noroms-0ubuntu7.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.3+noroms-0ubuntu9.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.3+noroms-0ubuntu9.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.0+noroms-0ubuntu4.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:1361412562310870639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870639", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2011:0534-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2011:0534-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870639\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 12382 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:51:56 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:38:30 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n script_xref(name:\"RHSA\", value:\"2011:0534-01\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2011:0534-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. 
qemu-kvm is the user-space component\n for running virtual machines using KVM.\n\n It was found that the virtio-blk driver in qemu-kvm did not properly\n validate read and write requests from guests. A privileged guest user could\n use this flaw to crash the guest or, possibly, execute arbitrary code on\n the host. (CVE-2011-1750)\n\n It was found that the PIIX4 Power Management emulation layer in qemu-kvm\n did not properly check for hot plug eligibility during device removals. A\n privileged guest user could use this flaw to crash the guest or, possibly,\n execute arbitrary code on the host. (CVE-2011-1751)\n\n Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.\n\n This update also fixes several bugs and adds various enhancements.\n Documentation for these bug fixes and enhancements will be available\n shortly from the Technical Notes document, linked to in the References\n section.\n\n All users of qemu-kvm should upgrade to these updated packages, which\n contain backported patches to resolve these issues, and fix the bugs and\n add the enhancements noted in the Technical Notes. After installing this\n update, shut down all running virtual machines. Once all virtual machines\n have shut down, start them again for this update to take effect.\n\n 4. Solution:\n\n Before applying this update, make sure all previously-released errata\n relevant to your system have been applied.\n\n This update is available via the Red Hat Network. 
Details on how to\n use the Red Hat Network to apply this update are available at the linked\n references.\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/kb/docs/DOC-11259\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.160.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1165-1", "modified": "2019-03-13T00:00:00", "published": "2011-07-08T00:00:00", "id": "OPENVAS:1361412562310840695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840695", "type": "openvas", "title": "Ubuntu Update for qemu-kvm USN-1165-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1165_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for qemu-kvm USN-1165-1\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1165-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840695\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_xref(name:\"USN\", value:\"1165-1\");\n script_cve_id(\"CVE-2011-2212\", \"CVE-2011-2512\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1165-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1165-1\");\n script_tag(name:\"affected\", 
value:\"qemu-kvm on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Nelson Elhage discovered that QEMU did not properly validate certain\n virtqueue requests from the guest. An attacker could exploit this to cause\n a denial of service of the guest or possibly execute code with the\n privileges of the user invoking the program. (CVE-2011-2212)\n\n Stefan Hajnoczi discovered that QEMU did not properly perform integer\n comparisons when performing virtqueue input validation. An attacker could\n exploit this to cause a denial of service of the guest or possibly execute\n code with the privileges of the user invoking the program. (CVE-2011-2512)\n\n When using QEMU with libvirt or virtualization management software based on\n libvirt such as Eucalyptus and OpenStack, QEMU guests are individually\n isolated by an AppArmor profile by default in Ubuntu.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+noroms-0ubuntu7.8\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.5+noroms-0ubuntu7.8\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.5+noroms-0ubuntu7.8\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.3+noroms-0ubuntu9.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.3+noroms-0ubuntu9.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.0+noroms-0ubuntu4.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1165-1", "modified": "2017-12-01T00:00:00", "published": "2011-07-08T00:00:00", "id": "OPENVAS:840695", "href": "http://plugins.openvas.org/nasl.php?oid=840695", "type": "openvas", "title": "Ubuntu Update for qemu-kvm USN-1165-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1165_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for qemu-kvm USN-1165-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nelson Elhage discovered that QEMU did not properly validate certain\n virtqueue requests from the guest. An attacker could exploit this to cause\n a denial of service of the guest or possibly execute code with the\n privileges of the user invoking the program. (CVE-2011-2212)\n\n Stefan Hajnoczi discovered that QEMU did not properly perform integer\n comparisons when performing virtqueue input validation. An attacker could\n exploit this to cause a denial of service of the guest or possibly execute\n code with the privileges of the user invoking the program. (CVE-2011-2512)\n \n When using QEMU with libvirt or virtualization management software based on\n libvirt such as Eucalyptus and OpenStack, QEMU guests are individually\n isolated by an AppArmor profile by default in Ubuntu.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1165-1\";\ntag_affected = \"qemu-kvm on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1165-1/\");\n script_id(840695);\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_xref(name: \"USN\", value: \"1165-1\");\n script_cve_id(\"CVE-2011-2212\", 
\"CVE-2011-2512\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1165-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+noroms-0ubuntu7.8\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.5+noroms-0ubuntu7.8\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.5+noroms-0ubuntu7.8\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.3+noroms-0ubuntu9.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.3+noroms-0ubuntu9.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.0+noroms-0ubuntu4.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "Oracle Linux Local Security Checks ELSA-2011-0919", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122140", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122140", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0919.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122140\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:41 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0919\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0919 - qemu-kvm security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0919\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0919.html\");\n script_cve_id(\"CVE-2011-2212\", \"CVE-2011-2512\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-img\", 
rpm:\"qemu-img~0.12.1.2~2.160.el6_1.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.160.el6_1.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.160.el6_1.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:1361412562310870605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870605", "type": "openvas", "title": "RedHat Update for qemu-kvm RHSA-2011:0919-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2011:0919-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870605\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:33:11 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-2212\", \"CVE-2011-2512\");\n script_xref(name:\"RHSA\", value:\"2011:0919-01\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2011:0919-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. 
qemu-kvm is the user-space component\n for running virtual machines using KVM.\n\n It was found that the virtio subsystem in qemu-kvm did not properly\n validate virtqueue in and out requests from the guest. A privileged guest\n user could use this flaw to trigger a buffer overflow, allowing them to\n crash the guest (denial of service) or, possibly, escalate their privileges\n on the host. (CVE-2011-2212)\n\n It was found that the virtio_queue_notify() function in qemu-kvm did not\n perform sufficient input validation on the value later used as an index\n into the array of virtqueues. An unprivileged guest user could use this\n flaw to crash the guest (denial of service) or, possibly, escalate their\n privileges on the host. (CVE-2011-2512)\n\n Red Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.\n\n This update also fixes the following bug:\n\n * A bug was found in the way vhost (in qemu-kvm) set up mappings with the\n host kernel's vhost module. This could result in the host kernel's vhost\n module not having a complete view of a guest system's memory, if that guest\n had more than 4 GB of memory. Consequently, hot plugging a vhost-net\n network device and restarting the guest may have resulted in that device no\n longer working. (BZ#701771)\n\n All users of qemu-kvm should upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, shut down all running virtual machines. 
Once all virtual machines\n have shut down, start them again for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.160.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.160.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.160.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.160.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:54:30", "description": "The remote host is affected by the vulnerability described in GLSA-201210-04\n(qemu-kvm: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in qemu-kvm. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities allow a remote attacker to cause a Denial of\n Service condition on the host server or qemu process, might allow for\n arbitrary code execution or a symlink attack when qemu-kvm is in snapshot\n mode.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-10-19T00:00:00", "title": "GLSA-201210-04 : qemu-kvm: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2012-2652", "CVE-2012-0029", "CVE-2011-2512", "CVE-2011-1750", "CVE-2011-1751"], "modified": "2012-10-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:qemu-kvm"], "id": "GENTOO_GLSA-201210-04.NASL", "href": "https://www.tenable.com/plugins/nessus/62634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201210-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62634);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\", \"CVE-2011-2212\", \"CVE-2011-2512\", \"CVE-2012-0029\", \"CVE-2012-2652\");\n script_bugtraq_id(47546, 47927, 48499, 48574, 51642, 53725);\n script_xref(name:\"GLSA\", value:\"201210-04\");\n\n script_name(english:\"GLSA-201210-04 : qemu-kvm: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201210-04\n(qemu-kvm: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in qemu-kvm. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities allow a remote attacker to cause a Denial of\n Service condition on the host server or qemu process, might allow for\n arbitrary code execution or a symlink attack when qemu-kvm is in snapshot\n mode.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201210-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All qemu-kvm users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/qemu-kvm-1.1.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/qemu-kvm\", unaffected:make_list(\"ge 1.1.1-r1\"), vulnerable:make_list(\"lt 1.1.1-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:59:10", "description": "Updated qemu-kvm packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the virtio-blk driver in qemu-kvm did not properly\nvalidate read and write requests from guests. A privileged guest user\ncould use this flaw to crash the guest or, possibly, execute arbitrary\ncode on the host. (CVE-2011-1750)\n\nIt was found that the PIIX4 Power Management emulation layer in\nqemu-kvm did not properly check for hot plug eligibility during device\nremovals. 
A privileged guest user could use this flaw to crash the\nguest or, possibly, execute arbitrary code on the host.\n(CVE-2011-1751)\n\nRed Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues, and fix the bugs\nand add the enhancements noted in the Technical Notes. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.", "edition": 26, "published": "2013-01-24T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2011:0534)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-0534.NASL", "href": "https://www.tenable.com/plugins/nessus/63980", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0534. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63980);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n script_xref(name:\"RHSA\", value:\"2011:0534\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2011:0534)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the virtio-blk driver in qemu-kvm did not properly\nvalidate read and write requests from guests. A privileged guest user\ncould use this flaw to crash the guest or, possibly, execute arbitrary\ncode on the host. (CVE-2011-1750)\n\nIt was found that the PIIX4 Power Management emulation layer in\nqemu-kvm did not properly check for hot plug eligibility during device\nremovals. 
A privileged guest user could use this flaw to crash the\nguest or, possibly, execute arbitrary code on the host.\n(CVE-2011-1751)\n\nRed Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues, and fix the bugs\nand add the enhancements noted in the Technical Notes. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1751\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2334068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0534\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0534\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.160.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.160.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.160.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.160.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-debuginfo / qemu-kvm-tools\");\n }\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:00:34", "description": "The following bugs have been fixed :\n\n - By causing a hot-unplug of the pci-isa bridge from\n within guests the qemu process 
could access already\n freed memory. A privileged user inside the guest could\n exploit that to crash the guest instance or potentially\n execute arbitrary code on the host. (CVE-2011-1751)\n\n - The virtio-blk driver did not properly validate read and\n write request. A privileged user inside the guest could\n exploit that to cause a heap corruption and crash the\n guest instance or potentially execute arbitrary code on\n the host. (CVE-2011-1750)", "edition": 22, "published": "2011-05-25T00:00:00", "title": "SuSE 11.1 Security Update : kvm (SAT Patch Number 4574)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KVM-110518.NASL", "href": "https://www.tenable.com/plugins/nessus/54640", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54640);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n\n script_name(english:\"SuSE 11.1 Security Update : kvm (SAT Patch Number 4574)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - By causing a hot-unplug of the pci-isa bridge from\n within guests the qemu process could access already\n freed memory. 
A privileged user inside the guest could\n exploit that to crash the guest instance or potentially\n execute arbitrary code on the host. (CVE-2011-1751)\n\n - The virtio-blk driver did not properly validate read and\n write request. A privileged user inside the guest could\n exploit that to cause a heap corruption and crash the\n guest instance or potentially execute arbitrary code on\n the host. (CVE-2011-1750)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=690781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1750.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1751.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4574.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kvm-0.12.5-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kvm-0.12.5-1.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kvm-0.12.5-1.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kvm-0.12.5-1.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:55:20", "description": "By causing a hot-unplug of the pci-isa bridge from within guests the\nqemu process could access already freed memory. A privileged user\ninside the guest could exploit that to crash the guest instance or\npotentially execute arbitrary code on the host (CVE-2011-1751).\n\nThe virtio-blk driver did not properly validate read and write\nrequest. 
A privileged user inside the guest could exploit that to\ncause a heap corruption and crash the guest instance or potentially\nexecute arbitrary code on the host (CVE-2011-1750).", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kvm (openSUSE-SU-2011:0510-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kvm", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KVM-110518.NASL", "href": "https://www.tenable.com/plugins/nessus/75566", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kvm-4582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75566);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n\n script_name(english:\"openSUSE Security Update : kvm (openSUSE-SU-2011:0510-1)\");\n script_summary(english:\"Check for the kvm-4582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"By causing a hot-unplug of the pci-isa bridge from within guests the\nqemu process could access already freed memory. A privileged user\ninside the guest could exploit that to crash the guest instance or\npotentially execute arbitrary code on the host (CVE-2011-1751).\n\nThe virtio-blk driver did not properly validate read and write\nrequest. 
A privileged user inside the guest could exploit that to\ncause a heap corruption and crash the guest instance or potentially\nexecute arbitrary code on the host (CVE-2011-1750).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=690781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kvm-0.12.5-1.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:35:05", "description": "It was discovered that QEMU did not properly perform validation of I/O\noperations from the guest which could lead to heap corruption. An\nattacker could exploit this to cause a denial of service of the guest\nor possibly execute code with the privileges of the user invoking the\nprogram. (CVE-2011-1750)\n\nNelson Elhage discovered that QEMU did not properly handle memory when\nremoving ISA devices. An attacker could exploit this to cause a denial\nof service of the guest or possibly execute code with the privileges\nof the user invoking the program.
(CVE-2011-1751)\n\nWhen using QEMU with libvirt or virtualization management software\nbased on libvirt such as Eucalyptus and OpenStack, QEMU guests are\nindividually isolated by an AppArmor profile by default in Ubuntu.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-06-13T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : qemu-kvm vulnerabilities (USN-1145-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:qemu-kvm-extras", "p-cpe:/a:canonical:ubuntu_linux:qemu-kvm-extras-static", "p-cpe:/a:canonical:ubuntu_linux:qemu-kvm"], "id": "UBUNTU_USN-1145-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55108", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1145-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55108);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n script_bugtraq_id(47546);\n script_xref(name:\"USN\", value:\"1145-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : qemu-kvm vulnerabilities (USN-1145-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that QEMU did not properly perform validation of I/O\noperations from the guest which could lead to heap corruption. An\nattacker could exploit this to cause a denial of service of the guest\nor possibly execute code with the privileges of the user invoking the\nprogram. (CVE-2011-1750)\n\nNelson Elhage discoverd that QEMU did not properly handle memory when\nremoving ISA devices. An attacker could exploit this to cause a denial\nof service of the guest or possibly execute code with the privileges\nof the user invoking the program. (CVE-2011-1751)\n\nWhen using QEMU with libvirt or virtualization management software\nbased on libvirt such as Eucalyptus and OpenStack, QEMU guests are\nindividually isolated by an AppArmor profile by default in Ubuntu.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1145-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected qemu-kvm, qemu-kvm-extras and / or\nqemu-kvm-extras-static packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm-extras-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"qemu-kvm\", pkgver:\"0.12.3+noroms-0ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"qemu-kvm-extras\", pkgver:\"0.12.3+noroms-0ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"qemu-kvm-extras-static\", pkgver:\"0.12.3+noroms-0ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"qemu-kvm\", pkgver:\"0.12.5+noroms-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"qemu-kvm-extras\", pkgver:\"0.12.5+noroms-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"qemu-kvm-extras-static\", pkgver:\"0.12.5+noroms-0ubuntu7.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"qemu-kvm\", pkgver:\"0.14.0+noroms-0ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm / qemu-kvm-extras / qemu-kvm-extras-static\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:34:35", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the virtio-blk driver in qemu-kvm did not properly\nvalidate read and write requests from guests. A privileged guest user\ncould use this flaw to crash the guest or, possibly, execute arbitrary\ncode on the host. (CVE-2011-1750)\n\nIt was found that the PIIX4 Power Management emulation layer in\nqemu-kvm did not properly check for hot plug eligibility during device\nremovals. A privileged guest user could use this flaw to crash the\nguest or, possibly, execute arbitrary code on the host.\n(CVE-2011-1751)\n\nThis update also fixes several bugs and adds various enhancements.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues, and fix the bugs\nand add the enhancements.\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110519_QEMU_KVM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61047", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61047);\n script_version(\"1.4\");\n 
script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL6.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the virtio-blk driver in qemu-kvm did not properly\nvalidate read and write requests from guests. A privileged guest user\ncould use this flaw to crash the guest or, possibly, execute arbitrary\ncode on the host. (CVE-2011-1750)\n\nIt was found that the PIIX4 Power Management emulation layer in\nqemu-kvm did not properly check for hot plug eligibility during device\nremovals. 
A privileged guest user could use this flaw to crash the\nguest or, possibly, execute arbitrary code on the host.\n(CVE-2011-1751)\n\nThis update also fixes several bugs and adds various enhancements.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues, and fix the bugs\nand add the enhancements.\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=543\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19ff8094\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected qemu-img, qemu-kvm and / or qemu-kvm-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.160.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.160.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.160.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:56:29", "description": "By causing a hot-unplug of the pci-isa bridge from within guests the\nqemu process could access already freed memory. A privileged user\ninside the guest could exploit that to crash the guest instance or\npotentially execute arbitrary code on the host (CVE-2011-1751).\n\nThe virtio-blk driver did not properly validate read and write\nrequest. 
A privileged user inside the guest could exploit that to\ncause a heap corruption and crash the guest instance or potentially\nexecute arbitrary code on the host (CVE-2011-1750).", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kvm (openSUSE-SU-2011:0510-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:kvm-debuginfo", "p-cpe:/a:novell:opensuse:kvm-debugsource", "p-cpe:/a:novell:opensuse:kvm"], "id": "SUSE_11_4_KVM-110518.NASL", "href": "https://www.tenable.com/plugins/nessus/75887", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kvm-4582.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75887);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-1750\", \"CVE-2011-1751\");\n\n script_name(english:\"openSUSE Security Update : kvm (openSUSE-SU-2011:0510-1)\");\n script_summary(english:\"Check for the kvm-4582 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"By causing a hot-unplug of the pci-isa bridge from within guests the\nqemu process could access already freed memory. A privileged user\ninside the guest could exploit that to crash the guest instance or\npotentially execute arbitrary code on the host (CVE-2011-1751).\n\nThe virtio-blk driver did not properly validate read and write\nrequest. 
A privileged user inside the guest could exploit that to\ncause a heap corruption and crash the guest instance or potentially\nexecute arbitrary code on the host (CVE-2011-1750).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=690781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kvm-0.14.0.0-1.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kvm-debuginfo-0.14.0.0-1.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kvm-debugsource-0.14.0.0-1.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm / kvm-debuginfo / kvm-debugsource\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:55:20", "description": "A privileged guest user could cause a buffer overflow in the virtio\nsubsystem of the host, therefore crashing the guest or potentially\nexecute arbitrary code on the host (CVE-2011-2212, CVE-2011-2512).", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kvm (openSUSE-SU-2011:0803-1)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kvm", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KVM-110711.NASL", "href": "https://www.tenable.com/plugins/nessus/75567", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kvm-4863.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75567);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2011-2212\", \"CVE-2011-2512\");\n script_bugtraq_id(48499, 48574);\n\n script_name(english:\"openSUSE Security Update : kvm (openSUSE-SU-2011:0803-1)\");\n script_summary(english:\"Check for the kvm-4863 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A privileged guest user could cause a buffer overflow in the virtio\nsubsystem of the host, therefore crashing the guest or potentially\nexecute arbitrary code on the host (CVE-2011-2212, CVE-2011-2512).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00025.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kvm-0.12.5-1.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 7.4, 
"vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:00:34", "description": "A privileged guest user could cause a buffer overflow in the virtio\nsubsystem of the host, therefore crashing the guest or potentially\nexecute arbitrary code on the host. (CVE-2011-2212 / CVE-2011-2512)", "edition": 22, "published": "2011-07-19T00:00:00", "title": "SuSE 11.1 Security Update : KVM (SAT Patch Number 4814)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KVM-110630.NASL", "href": "https://www.tenable.com/plugins/nessus/55620", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55620);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-2212\", \"CVE-2011-2512\");\n\n script_name(english:\"SuSE 11.1 Security Update : KVM (SAT Patch Number 4814)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A privileged guest user could cause a buffer overflow in the virtio\nsubsystem of the host, therefore crashing the guest or potentially\nexecute arbitrary code on the host. 
(CVE-2011-2212 / CVE-2011-2512)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=695766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2212.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2512.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4814.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kvm-0.12.5-1.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kvm-0.12.5-1.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kvm-0.12.5-1.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kvm-0.12.5-1.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:59:31", "description": "Updated qemu-kvm packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the virtio subsystem in qemu-kvm did not properly\nvalidate virtqueue in and out requests from the guest. 
A privileged\nguest user could use this flaw to trigger a buffer overflow, allowing\nthem to crash the guest (denial of service) or, possibly, escalate\ntheir privileges on the host. (CVE-2011-2212)\n\nIt was found that the virtio_queue_notify() function in qemu-kvm did\nnot perform sufficient input validation on the value later used as an\nindex into the array of virtqueues. An unprivileged guest user could\nuse this flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. (CVE-2011-2512)\n\nRed Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.\n\nThis update also fixes the following bug :\n\n* A bug was found in the way vhost (in qemu-kvm) set up mappings with\nthe host kernel's vhost module. This could result in the host kernel's\nvhost module not having a complete view of a guest system's memory, if\nthat guest had more than 4 GB of memory. Consequently, hot plugging a\nvhost-net network device and restarting the guest may have resulted in\nthat device no longer working. (BZ#701771)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, shut down all running virtual machines. 
Once all virtual\nmachines have shut down, start them again for this update to take\neffect.", "edition": 27, "published": "2013-01-24T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2011:0919)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-0919.NASL", "href": "https://www.tenable.com/plugins/nessus/63987", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0919. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63987);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2011-2212\", \"CVE-2011-2512\");\n script_xref(name:\"RHSA\", value:\"2011:0919\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2011:0919)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nIt was found that the virtio subsystem in qemu-kvm did not properly\nvalidate virtqueue in and out requests from the guest. A privileged\nguest user could use this flaw to trigger a buffer overflow, allowing\nthem to crash the guest (denial of service) or, possibly, escalate\ntheir privileges on the host. (CVE-2011-2212)\n\nIt was found that the virtio_queue_notify() function in qemu-kvm did\nnot perform sufficient input validation on the value later used as an\nindex into the array of virtqueues. An unprivileged guest user could\nuse this flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. (CVE-2011-2512)\n\nRed Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.\n\nThis update also fixes the following bug :\n\n* A bug was found in the way vhost (in qemu-kvm) set up mappings with\nthe host kernel's vhost module. This could result in the host kernel's\nvhost module not having a complete view of a guest system's memory, if\nthat guest had more than 4 GB of memory. Consequently, hot plugging a\nvhost-net network device and restarting the guest may have resulted in\nthat device no longer working. (BZ#701771)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, shut down all running virtual machines. 
Once all virtual\nmachines have shut down, start them again for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0919\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0919\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.160.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.160.el6_1.2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.160.el6_1.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-debuginfo / qemu-kvm-tools\");\n }\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-10-03T11:39:27", "description": "Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.", "edition": 3, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2011-1750", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1750"], "modified": "2017-08-17T01:34:00", "cpe": ["cpe:/a:qemu:qemu:0.14.0"], "id": "CVE-2011-1750", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1750", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:04", "description": "The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot mode, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.", "edition": 3, "cvss3": {}, "published": "2012-08-07T20:55:00", "title": "CVE-2012-2652", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2652"], "modified": "2014-03-06T04:37:00", "cpe": ["cpe:/a:qemu:qemu:1.0"], "id": "CVE-2012-2652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2652", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:08", "description": "The virtio_queue_notify function in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.", "edition": 5, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2011-2512", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2512"], "modified": "2016-12-08T03:02:00", "cpe": ["cpe:/a:kvm_group:qemu-kvm:0.14.0", "cpe:/a:kvm_group:qemu-kvm:0.12"], "id": "CVE-2011-2512", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2512", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:kvm_group:qemu-kvm:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:kvm_group:qemu-kvm:0.12:*:*:*:*:*:*:*"]}, {"lastseen": "2020-11-03T12:47:01", "description": "The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to \"active qemu timers.\"", "edition": 4, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2011-1751", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1751"], "modified": "2020-11-02T14:39:00", "cpe": ["cpe:/a:qemu:qemu:0.11.0", "cpe:/a:qemu:qemu:0.12.3", "cpe:/a:qemu:qemu:0.4.3", 
"cpe:/a:qemu:qemu:1.0.1", "cpe:/a:qemu:qemu:0.9.1", "cpe:/a:qemu:qemu:0.1.1", "cpe:/a:qemu:qemu:0.10.1", "cpe:/a:qemu:qemu:0.5.3", "cpe:/a:qemu:qemu:0.11.0-rc2", "cpe:/a:qemu:qemu:0.12.5", "cpe:/a:qemu:qemu:0.11.0-rc0", "cpe:/a:qemu:qemu:0.11.0-rc1", "cpe:/a:qemu:qemu:0.1.3", "cpe:/a:qemu:qemu:0.8.1", "cpe:/a:qemu:qemu:1.0", "cpe:/a:qemu:qemu:0.2.0", "cpe:/a:qemu:qemu:0.10.2", "cpe:/a:qemu:qemu:0.12.2", "cpe:/a:qemu:qemu:0.5.4", "cpe:/a:qemu:qemu:0.1.2", "cpe:/a:qemu:qemu:0.5.1", "cpe:/a:qemu:qemu:0.5.5", "cpe:/a:qemu:qemu:0.3.0", "cpe:/a:qemu:qemu:0.4.2", "cpe:/a:qemu:qemu:0.5.0", "cpe:/a:qemu:qemu:0.7.0", "cpe:/a:qemu:qemu:0.9.1-5", "cpe:/a:qemu:qemu:0.1.4", "cpe:/a:qemu:qemu:0.10.3", "cpe:/a:qemu:qemu:0.6.0", "cpe:/a:qemu:qemu:0.15.0", "cpe:/a:qemu:qemu:0.1.0", "cpe:/a:qemu:qemu:0.10.5", "cpe:/a:qemu:qemu:0.6.1", "cpe:/a:qemu:qemu:0.10.6", "cpe:/a:qemu:qemu:0.11.1", "cpe:/a:qemu:qemu:0.1.6", "cpe:/a:qemu:qemu:0.14.0", "cpe:/a:qemu:qemu:0.12.1", "cpe:/a:qemu:qemu:0.9.0", "cpe:/a:qemu:qemu:0.10.0", "cpe:/a:qemu:qemu:0.1.5", "cpe:/a:qemu:qemu:0.5.2", "cpe:/a:qemu:qemu:0.4.0", "cpe:/a:qemu:qemu:0.13.0", "cpe:/a:qemu:qemu:0.8.2", "cpe:/a:qemu:qemu:0.7.1", "cpe:/a:qemu:qemu:0.8.0", "cpe:/a:qemu:qemu:0.14.1", "cpe:/a:qemu:qemu:0.10.4", "cpe:/a:qemu:qemu:0.12.0", "cpe:/a:qemu:qemu:0.12.4", "cpe:/a:qemu:qemu:1.1", "cpe:/a:qemu:qemu:0.4.1", "cpe:/a:qemu:qemu:0.7.2"], "id": "CVE-2011-1751", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1751", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*", 
"cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:07", "description": "Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to \"virtqueue in and out requests.\"", "edition": 6, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2011-2212", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2212"], "modified": "2020-11-02T14:39:00", "cpe": ["cpe:/a:qemu:qemu:0.11.0", "cpe:/a:qemu:qemu:0.12.3", "cpe:/a:qemu:qemu:0.4.3", "cpe:/a:qemu:qemu:0.9.1", "cpe:/a:qemu:qemu:0.1.1", 
"cpe:/a:qemu:qemu:0.10.1", "cpe:/a:qemu:qemu:0.5.3", "cpe:/a:qemu:qemu:0.11.0-rc2", "cpe:/a:qemu:qemu:0.12.5", "cpe:/a:qemu:qemu:0.11.0-rc0", "cpe:/a:qemu:qemu:0.11.0-rc1", "cpe:/a:qemu:qemu:0.1.3", "cpe:/a:qemu:qemu:0.8.1", "cpe:/a:qemu:qemu:0.2.0", "cpe:/a:qemu:qemu:0.10.2", "cpe:/a:qemu:qemu:0.12.2", "cpe:/a:qemu:qemu:0.5.4", "cpe:/a:qemu:qemu:0.1.2", "cpe:/a:qemu:qemu:0.5.1", "cpe:/a:qemu:qemu:0.5.5", "cpe:/a:qemu:qemu:0.3.0", "cpe:/a:qemu:qemu:0.4.2", "cpe:/a:qemu:qemu:0.5.0", "cpe:/a:qemu:qemu:0.7.0", "cpe:/a:qemu:qemu:0.9.1-5", "cpe:/a:qemu:qemu:0.1.4", "cpe:/a:qemu:qemu:0.10.3", "cpe:/a:qemu:qemu:0.6.0", "cpe:/a:qemu:qemu:0.1.0", "cpe:/a:qemu:qemu:0.10.5", "cpe:/a:qemu:qemu:0.6.1", "cpe:/a:qemu:qemu:0.10.6", "cpe:/a:qemu:qemu:0.11.1", "cpe:/a:qemu:qemu:0.1.6", "cpe:/a:qemu:qemu:0.14.0", "cpe:/a:qemu:qemu:0.12.1", "cpe:/a:qemu:qemu:0.9.0", "cpe:/a:qemu:qemu:0.10.0", "cpe:/a:qemu:qemu:0.1.5", "cpe:/a:qemu:qemu:0.5.2", "cpe:/a:qemu:qemu:0.4.0", "cpe:/a:qemu:qemu:0.13.0", "cpe:/a:qemu:qemu:0.8.2", "cpe:/a:qemu:qemu:0.7.1", "cpe:/a:qemu:qemu:0.8.0", "cpe:/a:qemu:qemu:0.10.4", "cpe:/a:qemu:qemu:0.12.0", "cpe:/a:qemu:qemu:0.12.4", "cpe:/a:qemu:qemu:0.4.1", "cpe:/a:qemu:qemu:0.7.2"], "id": "CVE-2011-2212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2212", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:58", "description": "Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.", "edition": 3, "cvss3": {}, "published": "2012-01-27T15:55:00", "title": "CVE-2012-0029", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0029"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:kvm_group:qemu-kvm:0.12"], "id": "CVE-2012-0029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0029", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kvm_group:qemu-kvm:0.12:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2019-05-30T02:23:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2784", "CVE-2011-2512", "CVE-2011-1750", "CVE-2011-1751", "CVE-2011-0011"], "description": "Michael Tokarev uploaded new packages for qemu-kvm\nwhich fixed the following security issues:\n\nCVE-2011-0011\n\n Setting the VNC password to an empty string silently disabled\n all authentication.\n\nCVE-2011-1750\n\n The virtio-blk driver performed insufficient validation of\n read/write I/O from the guest instance, which could lead to\n denial of service or privilege escalation.\n\nCVE-2011-1751\n\n Incorrect memory handling during the removal of ISA 
devices in KVM\n could lead to denial of service or the execution of arbitrary code.\n\nCVE-2011-2512\n\n incorrect sanitising of virtio queue commands in KVM could\n lead to denial of service or the execution of arbitrary code.\n\nCVE-2010-2784\n\n The subpage MMIO initialization functionality in the subpage_register\n function in exec.c in KVM does not properly select the index for\n access to the callback array, which allows guest OS users to cause\n a denial of service (guest OS crash) or possibly gain privileges via\n unspecified vectors.\n\nFor the lenny-backports distribution the problem has been fixed\nin version 0.12.5+dfsg-5+squeeze4~bpo50+1.\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin (in /etc/apt/preferences) the backports repository to\n200 so that new versions of installed backports will be installed\nautomatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\nWe recommend that you upgrade your qemu-kvm packages.\n", "edition": 2, "modified": "2011-07-07T09:45:54", "published": "2011-07-07T09:45:54", "id": "DEBIAN:BSA-039:B3390", "href": "https://lists.debian.org/debian-backports-announce/2011/debian-backports-announce-201107/msg00002.html", "title": "[BSA-039] Security Update for qemu-kvm", "type": "debian", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2512"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2270-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 01, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage 
: qemu-kvm\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-2512 \nDebian Bug : 631975\n\nIt was discovered that incorrect sanitising of virtio queue commands in \nKVM, a solution for full virtualization on x86 hardware, could lead to \ndenial of service or the execution of arbitrary code.\n\n\nThe oldstable distribution (lenny) is not affected by this problem.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.14.1+dfsg-2.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-07-01T21:06:18", "published": "2011-07-01T21:06:18", "id": "DEBIAN:DSA-2270-1:25AA0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00142.html", "title": "[SECURITY] [DSA 2270-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:16:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1751"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2241-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 24, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nVulnerability : implementation error\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-1751 \n\nNelson Elhage discovered that incorrect memory handling during the \nremoval of ISA devices in KVM, a solution for full virtualization on\nx86 hardware, could lead to 
denial of service or the execution of \narbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze2.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-05-24T21:18:11", "published": "2011-05-24T21:18:11", "id": "DEBIAN:DSA-2241-1:E59FF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00110.html", "title": "[SECURITY] [DSA 2241-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2404-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 05, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen-qemu-dm-4.0\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0029\n\nNicolae Mogoreanu discovered a heap overflow in the emulated e1000e\nnetwork interface card of QEMU, which is used in the xen-qemu-dm-4.0\npackages. 
This vulnerability might enable malicious guest systems\nto crash the host system or escalate their privileges.\n\nThe old stable distribution (lenny) does not contain the\nxen-qemu-dm-4.0 package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-2+squeeze1.\n\nThe testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed soon.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2012-02-05T12:47:49", "published": "2012-02-05T12:47:49", "id": "DEBIAN:DSA-2404-1:77187", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00030.html", "title": "[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update", "type": "debian", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:30:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2396-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0029 \n\nNicolae Mogoreanu discovered a heap overflow in the emulated e1000e\nnetwork interface card of KVM, a solution for full virtualization on \nx86 hardware, which could result in denial of service or privilege\nescalation.\n\nThis update also fixes a guest-triggerable memory corruption in \nVNC handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze8. 
\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0+dfsg-5.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-01-27T18:54:07", "published": "2012-01-27T18:54:07", "id": "DEBIAN:DSA-2396-1:86D57", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00020.html", "title": "[SECURITY] [DSA 2396-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nIt was found that the virtio-blk driver in qemu-kvm did not properly\nvalidate read and write requests from guests. A privileged guest user could\nuse this flaw to crash the guest or, possibly, execute arbitrary code on\nthe host. (CVE-2011-1750)\n\nIt was found that the PIIX4 Power Management emulation layer in qemu-kvm\ndid not properly check for hot plug eligibility during device removals. A\nprivileged guest user could use this flaw to crash the guest or, possibly,\nexecute arbitrary code on the host. 
(CVE-2011-1751)\n\nRed Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues, and fix the bugs and\nadd the enhancements noted in the Technical Notes. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2011-05-19T04:00:00", "id": "RHSA-2011:0534", "href": "https://access.redhat.com/errata/RHSA-2011:0534", "type": "redhat", "title": "(RHSA-2011:0534) Important: qemu-kvm security, bug fix, and enhancement update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nIt was found that the virtio subsystem in qemu-kvm did not properly\nvalidate virtqueue in and out requests from the guest. A privileged guest\nuser could use this flaw to trigger a buffer overflow, allowing them to\ncrash the guest (denial of service) or, possibly, escalate their privileges\non the host. (CVE-2011-2212)\n\nIt was found that the virtio_queue_notify() function in qemu-kvm did not\nperform sufficient input validation on the value later used as an index\ninto the array of virtqueues. An unprivileged guest user could use this\nflaw to crash the guest (denial of service) or, possibly, escalate their\nprivileges on the host. 
(CVE-2011-2512)\n\nRed Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.\n\nThis update also fixes the following bug:\n\n* A bug was found in the way vhost (in qemu-kvm) set up mappings with the\nhost kernel's vhost module. This could result in the host kernel's vhost\nmodule not having a complete view of a guest system's memory, if that guest\nhad more than 4 GB of memory. Consequently, hot plugging a vhost-net\nnetwork device and restarting the guest may have resulted in that device no\nlonger working. (BZ#701771)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:29", "published": "2011-07-05T04:00:00", "id": "RHSA-2011:0919", "href": "https://access.redhat.com/errata/RHSA-2011:0919", "type": "redhat", "title": "(RHSA-2011:0919) Important: qemu-kvm security and bug fix update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA heap overflow flaw was found in the way QEMU emulated the e1000 network\ninterface card. A privileged guest user in a virtual machine whose network\ninterface is configured to use the e1000 emulated driver could use this\nflaw to crash QEMU or, possibly, escalate their privileges on the host.\n(CVE-2012-0029)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Adding support for jumbo frames introduced incorrect network device\nexpansion when a bridge is created. 
The expansion worked correctly with the\ndefault configuration, but could have caused network setup failures when a\nuser-defined network script was used. This update changes the expansion so\nnetwork setup will not fail, even when a user-defined network script is\nused. (BZ#797191)\n\n* A bug was found in xenconsoled, the Xen hypervisor console daemon. If\ntimestamp logging for this daemon was enabled (using both the\nXENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and XENCONSOLED_TIMESTAMP_GUEST_LOG\noptions in \"/etc/sysconfig/xend\"), xenconsoled could crash if the guest\nemitted a lot of information to its serial console in a short period of\ntime. Eventually, the guest would freeze after the console buffer was\nfilled due to the crashed xenconsoled. Timestamp logging is disabled by\ndefault. (BZ#797836)\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T12:19:42", "published": "2012-03-07T05:00:00", "id": "RHSA-2012:0370", "href": "https://access.redhat.com/errata/RHSA-2012:0370", "type": "redhat", "title": "(RHSA-2012:0370) Important: xen security and bug fix update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1750", "CVE-2011-1751"], "description": "It was discovered that QEMU did not properly perform validation of I/O \noperations from the guest which could lead to heap corruption. An attacker \ncould exploit this to cause a denial of service of the guest or possibly \nexecute code with the privileges of the user invoking the program. \n(CVE-2011-1750)\n\nNelson Elhage discoverd that QEMU did not properly handle memory when \nremoving ISA devices. 
An attacker could exploit this to cause a denial of \nservice of the guest or possibly execute code with the privileges of the \nuser invoking the program. (CVE-2011-1751)\n\nWhen using QEMU with libvirt or virtualization management software based on \nlibvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated \nby an AppArmor profile by default in Ubuntu.", "edition": 5, "modified": "2011-06-09T00:00:00", "published": "2011-06-09T00:00:00", "id": "USN-1145-1", "href": "https://ubuntu.com/security/notices/USN-1145-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:25:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "Nelson Elhage discoverd that QEMU did not properly validate certain \nvirtqueue requests from the guest. An attacker could exploit this to cause \na denial of service of the guest or possibly execute code with the \nprivileges of the user invoking the program. (CVE-2011-2212)\n\nStefan Hajnoczi discovered that QEMU did not properly perform integer \ncomparisons when performing virtqueue input validation. An attacker could \nexploit this to cause a denial of service of the guest or possibly execute \ncode with the privileges of the user invoking the program. 
(CVE-2011-2512)\n\nWhen using QEMU with libvirt or virtualization management software based on \nlibvirt such as Eucalyptus and OpenStack, QEMU guests are individually \nisolated by an AppArmor profile by default in Ubuntu.", "edition": 5, "modified": "2011-07-06T00:00:00", "published": "2011-07-06T00:00:00", "id": "USN-1165-1", "href": "https://ubuntu.com/security/notices/USN-1165-1", "title": "QEMU vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:01", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2652"], "description": "It was discovered that QEMU incorrectly handled temporary files when \ncreating a snapshot. A local attacker could use this flaw to possibly \noverwrite files with root privilege, or obtain sensitive information from \nthe guest.", "edition": 5, "modified": "2012-08-02T00:00:00", "published": "2012-08-02T00:00:00", "id": "USN-1522-1", "href": "https://ubuntu.com/security/notices/USN-1522-1", "title": "QEMU vulnerability", "type": "ubuntu", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:24:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode \npackets in the e1000 network driver. 
A remote attacker could exploit this \nto cause a denial of service or possibly execute code with the privileges \nof the user invoking the program.\n\nWhen using QEMU with libvirt or virtualization management software based on \nlibvirt such as Eucalyptus and OpenStack, QEMU guests are individually \nisolated by an AppArmor profile by default in Ubuntu.", "edition": 5, "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "USN-1339-1", "href": "https://ubuntu.com/security/notices/USN-1339-1", "title": "QEMU vulnerability", "type": "ubuntu", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:07:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "A privileged guest user could cause a buffer overflow in\n the virtio subsystem of the host, therefore crashing the\n guest or potentially execute arbitrary code on the host\n (CVE-2011-2212, CVE-2011-2512).\n", "edition": 1, "modified": "2011-07-19T07:08:26", "published": "2011-07-19T07:08:26", "id": "SUSE-SU-2011:0806-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00008.html", "title": "Security update for KVM (critical)", "type": "suse", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "edition": 1, "description": "A privileged guest user could cause a buffer overflow in\n the virtio subsystem of the host, therefore crashing the\n guest or potentially execute arbitrary code on the host\n (CVE-2011-2212, CVE-2011-2512).\n\n", "modified": "2011-07-19T05:08:14", "published": "2011-07-19T05:08:14", "id": "OPENSUSE-SU-2011:0803-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html", "type": "suse", "title": "kvm (important)", "cvss": {"score": 7.4, "vector": 
"AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2212", "CVE-2011-2512"], "description": "[qemu-kvm-0.12.1.2-2.160.el6_1.2]\n- kvm-virtio-guard-against-negative-vq-notifies.patch [bz#717403]\n- Resolves: bz#717403\n (qemu-kvm: OOB memory access caused by negative vq notifies [rhel-6.1.z])\n[qemu-kvm-0.12.1.2-2.160.el6_1]\n- kvm-Fix-phys-memory-client-pass-guest-physical-address-n.patch [bz#701771]\n- kvm-virtio-prevent-indirect-descriptor-buffer-overflow.patch [bz#713592]\n- Resolves: bz#701771\n (Fix phys memory client for vhost)\n- Resolves: bz#713592\n (EMBARGOED CVE-2011-2212 virtqueue: too-large indirect descriptor buffer overflow [rhel-6.1.z])", "edition": 4, "modified": "2011-07-05T00:00:00", "published": "2011-07-05T00:00:00", "id": "ELSA-2011-0919", "href": "http://linux.oracle.com/errata/ELSA-2011-0919.html", "title": "qemu-kvm security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1750", "CVE-2011-1751", "CVE-2011-0011"], "description": "[qemu-kvm-0.12.1.2-2.160.el6]\n- kvm-virtio-blk-fail-unaligned-requests.patch [bz#698910]\n- kvm-Ignore-pci-unplug-requests-for-unpluggable-devices.patch [bz#699789]\n- Resolves: bz#698910\n (CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests [rhel-6.1])\n- Resolves: bz#699789\n (CVE-2011-1751 acpi_piix4: missing hotplug check during device removal [rhel-6.1])\n[qemu-kvm-0.12.1.2-2.159.el6]\n- kvm-acpi_piix4-Maintain-RHEL6.0-migration.patch [bz#694095]\n- Resolves: bz#694095\n (Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version)\n[qemu-kvm-0.12.1.2-2.158.el6]\n- kvm-bz-691704-vhost-skip-VGA-memory-regions.patch [bz#691704]\n- 
kvm-ide-atapi-add-support-for-GET-EVENT-STATUS-NOTIFICAT.patch [bz#558256]\n- kvm-atapi-Allow-GET_EVENT_STATUS_NOTIFICATION-after-medi.patch [bz#558256]\n- kvm-atapi-Move-GET_EVENT_STATUS_NOTIFICATION-command-han.patch [bz#558256]\n- kvm-atapi-GESN-Use-structs-for-commonly-used-field-types.patch [bz#558256]\n- kvm-atapi-GESN-Standardise-event-response-handling-for-f.patch [bz#558256]\n- kvm-atapi-GESN-implement-media-subcommand.patch [bz#558256]\n- Resolves: bz#558256\n (rhel6 disk not detected first time in install)\n- Resolves: bz#691704\n (Failed to boot up windows guest with huge memory and cpu and vhost=on within 30 mins)\n[qemu-kvm-0.12.1.2-2.157.el6]\n- kvm-qemu-img-rebase-Fix-read-only-new-backing-file.patch [bz#693741]\n- kvm-floppy-save-and-restore-DIR-register.patch [bz#681777]\n- kvm-block-Do-not-cache-device-size-for-removable-media.patch [bz#687900]\n- kvm-cdrom-Allow-the-TEST_UNIT_READY-command-after-a-cdro.patch [bz#683877]\n- kvm-cdrom-Make-disc-change-event-visible-to-guests.patch [bz#683877]\n- Resolves: bz#681777\n (floppy I/O error after live migration while floppy in use)\n- Resolves: bz#683877\n (RHEL6 guests fail to update cdrom block size on media change)\n- Resolves: bz#687900\n (qemu host cdrom support not properly updating guests on media changes at physical CD/DVD drives)\n- Resolves: bz#693741\n (qemu-img re-base fail with read-only new backing file)\n[qemu-kvm-0.12.1.2-2.156.el6]\n- kvm-Revert-net-socket-allow-ipv6-for-net_socket_listen_i.patch [bz#680356]\n- kvm-Revert-Use-getaddrinfo-for-migration.patch [bz#680356]\n- Related: bz#680356\n (Live migration failed in ipv6 environment)\n- Fixes bz#694196\n (RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration)\n[qemu-kvm-0.12.1.2-2.155.el6]\n- kvm-configure-fix-out-of-tree-build-with-enable-spice.patch [bz#641833]\n- kvm-ccid-card-emulated-replace-DEFINE_PROP_ENUM-with-DEF.patch [bz#641833]\n- kvm-Revert-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833]\n- 
kvm-Revert-qdev-add-data-pointer-to-Property.patch [bz#641833]\n- kvm-Revert-qdev-add-print_options-callback.patch [bz#641833]\n- kvm-ccid-v18_upstream-v25-cleanup.patch [bz#641833]\n- kvm-libcacard-vscard_common.h-upstream-v18-v25-diff.patch [bz#641833]\n- kvm-ccid-card-passthru-upstream-v18-upstream-v25-diff.patch [bz#641833]\n- kvm-qemu-thread-add-qemu_mutex-cond_destroy-and-qemu_mut.patch [bz#641833]\n- kvm-adding-qemu-thread.o-to-obj-y.patch [bz#641833]\n- kvm-ccid-card-emulated-v18-v25.patch [bz#641833]\n- kvm-libcacard-v18-upstream-v25.patch [bz#641833]\n- Resolves: bz#641833\n (Spice CAC support - qemu)\n[qemu-kvm-0.12.1.2-2.154.el6]\n- kvm-add-a-service-to-reap-zombies-use-it-in-SLIRP.patch [bz#678524]\n- kvm-Don-t-allow-multiwrites-against-a-block-device-witho.patch [bz#654682]\n- kvm-Do-not-delete-BlockDriverState-when-deleting-the-dri.patch [bz#654682]\n- kvm-virtio-serial-don-t-crash-on-invalid-input.patch [bz#690174]\n- Resolves: bz#678524\n (Exec based migration randomly fails, particularly under high load)\n- Resolves: bz#690174\n (virtio-serial qemu-kvm crash on invalid input in migration)\n- Resolves: bz#654682\n (drive_del command to let libvirt safely remove block device from guest)\n[qemu-kvm-0.12.1.2-2.153.el6]\n- kvm-Revert-spice-qxl-locking-fix-for-qemu-kvm.patch [bz#678208]\n- kvm-qxl-spice-display-move-pipe-to-ssd.patch [bz#678208]\n- kvm-qxl-implement-get_command-in-vga-mode-without-locks.patch [bz#678208]\n- kvm-qxl-spice-remove-qemu_mutex_-un-lock_iothread-around.patch [bz#678208]\n- kvm-hw-qxl-render-drop-cursor-locks-replace-with-pipe.patch [bz#678208]\n- kvm-spice-qemu-char.c-add-throttling.patch [bz#672191]\n- kvm-spice-qemu-char.c-remove-intermediate-buffer.patch [bz#672191]\n- kvm-spice-qemu-char-Fix-flow-control-in-client-guest-dir.patch [bz#672191]\n- kvm-chardev-Allow-frontends-to-notify-backends-of-guest-.patch [bz#688572]\n- kvm-virtio-console-notify-backend-of-guest-open-close.patch [bz#688572]\n- 
kvm-spice-chardev-listen-to-frontend-guest-open-close.patch [bz#688572]\n- kvm-Fix-performance-regression-in-qemu_get_ram_ptr.patch [bz#690267]\n- kvm-virtio-pci-fix-bus-master-work-around-on-load.patch [bz#682243]\n- kvm-Use-getaddrinfo-for-migration.patch [bz#680356]\n- kvm-net-socket-allow-ipv6-for-net_socket_listen_init-and.patch [bz#680356]\n- kvm-block-Fix-serial-number-assignment.patch [bz#688058]\n- Resolves: bz#672191\n (spicevmc: flow control on the spice agent channel is missing in both directions)\n- Resolves: bz#678208\n (qemu-kvm hangs when installing guest with -spice option)\n- Resolves: bz#680356\n (Live migration failed in ipv6 environment)\n- Resolves: bz#682243\n ([KVM] pci hotplug after migration breaks virtio_net.)\n- Resolves: bz#688058\n (Drive serial number gets truncated)\n- Resolves: bz#688572\n (spice-server does not switch back to server mouse mode if guest spice-agent dies.)\n- Resolves: bz#690267\n (Backport qemu_get_ram_ptr() performance improvement)\n- Related: bz#672191\n (spicevmc: flow control on the spice agent channel is missing in both directions)\n[qemu-kvm-0.12.1.2-2.152.el6]\n- kvm-device-assignment-register-a-reset-function.patch [bz#685147]\n- kvm-device-assignment-Reset-device-on-system-reset.patch [bz#685147]\n- Resolves: bz#685147\n (guest with assigned nic got kernel panic when send system_reset signal in QEMU monitor)\n[qemu-kvm-0.12.1.2-2.151.el6]\n- kvm-net-Add-the-missing-option-declaration-of-vhostforce.patch [bz#683295]\n- kvm-vhost-fix-dirty-page-handling.patch [bz#684076]\n- kvm-block-qcow2.c-rename-qcow_-functions-to-qcow2_.patch [bz#688119]\n- kvm-Add-proper-errno-error-return-values-to-qcow2_open.patch [bz#688119]\n- kvm-QCOW2-bug-fix-read-base-image-beyond-its-size.patch [bz#688147]\n- kvm-qcow2-Fix-error-handling-for-immediate-backing-file-.patch [bz#688146]\n- kvm-qcow2-Fix-error-handling-for-reading-compressed-clus.patch [bz#688146]\n- kvm-qerror-Add-QERR_UNKNOWN_BLOCK_FORMAT_FEATURE.patch 
[bz#688119]\n- kvm-qcow2-Report-error-for-version-2.patch [bz#688119]\n- kvm-qcow2-Fix-order-in-L2-table-COW.patch [bz#688146]\n- kvm-pci-assign-Catch-missing-KVM-support.patch [bz#688428]\n- Resolves: bz#683295\n (qemu-kvm: Invalid parameter 'vhostforce')\n- Resolves: bz#684076\n (Segfault occurred during migration)\n- Resolves: bz#688119\n (qcow2: qcow2_open doesn't return useful errors)\n- Resolves: bz#688146\n (qcow2: Some paths fail to handle I/O errors)\n- Resolves: bz#688147\n (qcow2: Reads fail with backing file smaller than snapshot)\n- Resolves: bz#688428\n (qemu-kvm -no-kvm segfaults on pci_add)\n[qemu-kvm-0.12.1.2-2.150.el6]\n- kvm-Improve-error-handling-in-do_snapshot_blkdev.patch [bz#676529]\n- Resolves: bz#676529\n (core dumped when save snapshot to non-exist disk)\n[qemu-kvm-0.12.1.2-2.149.el6]\n- kvm-Fix-error-message-in-drive_init.patch [bz#607598]\n- kvm-block-Use-error-codes-from-lower-levels-for-error-me.patch [bz#607598]\n- kvm-device-assignment-Don-t-skip-closing-unmapped-resour.patch [bz#680058]\n- Resolves: bz#607598\n (Incorrect & misleading error reporting when failing to open a drive due to block driver whitelist denial)\n- Resolves: bz#680058\n (can't hotplug second vf successful with message 'Too many open files')\n[qemu-kvm-0.12.1.2-2.148.el6]\n- kvm-ide-Make-ide_init_drive-return-success.patch [bz#655735]\n- kvm-ide-Reject-readonly-drives-unless-CD-ROM.patch [bz#655735]\n- kvm-ide-Reject-invalid-CHS-geometry.patch [bz#655735]\n- kvm-Move-KVM-and-Xen-global-flags-to-vl.c.patch [bz#662701]\n- kvm-qemu-kvm-Switch-to-upstream-enable-kvm-semantics.patch [bz#662701]\n- Update BuildRequire for newer spice-server [bz#672035]\n- Resolves: bz#655735\n (qemu-kvm (or libvirt?) 
permission denied errors when exporting readonly IDE disk to guest)\n- Resolves: bz#662701\n (Option -enable-kvm should exit when KVM is unavailable)\n- Related: bz#672035\n (spice-server: rebase to upstream 0.8 for RHEL-6.1)\n[qemu-kvm-0.12.1.2-2.147.el6]\n- kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#678338]\n- kvm-e1000-verify-we-have-buffers-upfront.patch [bz#678338]\n- kvm-tracetool-Add-optional-argument-to-specify-dtrace-pr.patch [bz#672441]\n- kvm-Specify-probe-prefix-to-make-dtrace-probes-use-qemu-.patch [bz#672441]\n- Resolves: bz#672441\n (Tracetool autogenerate qemu-kvm.stp with wrong qemu-kvm path)\n- Resolves: bz#678338\n (e1000 behaving out of spec after increasing MTU)\n[qemu-kvm-0.12.1.2-2.146.el6]\n- kvm-USB-HID-does-not-support-Set_Idle.patch [bz#665025]\n- kvm-add-event-queueing-to-USB-HID.patch [bz#665025]\n- Spec patch to reenable CONFIG_VMMOUSE and CONFIG_VMPORT [bz#616187 (the original feature-disable bug) bz#677712 bz#677712 (the new broken migration bug)]\n- Resolves: bz#665025\n (lost double clicks on slow connections)\n- Resolves: bz#677712\n (disabling vmware device emulation breaks old->new migration)\n[qemu-kvm-0.12.1.2-2.145.el6]\n- kvm-make-tsc-stable-over-migration-and-machine-start.patch [bz#662386]\n- kvm-qemu-kvm-Close-all-block-drivers-on-quit.patch [bz#635527]\n- kvm-net-notify-peer-about-link-status-change.patch [bz#676015]\n- kvm-vhost-disable-on-tap-link-down.patch [bz#676015]\n- kvm-Add-config-devices.h-again.patch [bz#616187]\n- kvm-Add-CONFIG_VMWARE_VGA-v2.patch [bz#616187]\n- kvm-add-CONFIG_VMMOUSE-option-v2.patch [bz#616187]\n- kvm-add-CONFIG_VMPORT-option-v2.patch [bz#616187]\n- kvm-blockdev-Fix-drive_del-not-to-crash-when-drive-is-no.patch [bz#677222]\n- Resolves: bz#616187\n (vmware device emulation enabled but not supported)\n- Resolves: bz#635527\n (KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk)\n- Resolves: bz#662386\n (tsc clock breaks migration result 
stability)\n- Resolves: bz#676015\n[off not working with vhost-net)]\n- Resolves: bz#677222\n (segment fault happens after hot drive add then drive delete)\n- Related: bz#635527\n (KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk)\n[qemu-kvm-0.12.1.2-2.144.el6]\n- kvm-V3-Bug-619259-qemu-cpu-check-enforce-should-work-eve.patch [bz#619259]\n- kvm-Bug-675229-Install-of-cpu-x86_64.conf-bombs-for-an-o.patch [bz#675229]\n- kvm-e1000-multi-buffer-packet-support.patch [bz#602205]\n- Resolves: bz#602205\n (Could not ping guest successfully after changing e1000 MTU)\n- Resolves: bz#619259\n (qemu '-cpu [check | enforce ]' should work even when a model name is not specified on the command line)\n- Resolves: bz#675229\n (Install of cpu-x86_64.conf bombs for an out of tree build..)\n[qemu-kvm-0.12.1.2-2.143.el6]\n- kvm-fix-syntax-error-introduced-by-virtio-serial-Disable.patch [bz#588916]\n- Resolves: bz#588916\n (qemu char fixes for nonblocking writes, virtio-console flow control)\n[qemu-kvm-0.12.1.2-2.142.el6]\n- kvm-ide-Remove-redundant-IDEState-member-conf.patch [bz#654682]\n- kvm-ide-Split-ide_init1-off-ide_init2-v2.patch [bz#654682]\n- kvm-ide-Change-ide_init_drive-to-require-valid-dinfo-arg.patch [bz#654682]\n- kvm-ide-Split-non-qdev-code-off-ide_init2.patch [bz#654682]\n- kvm-qdev-Don-t-leak-string-property-value-on-hot-unplug.patch [bz#654682]\n- kvm-blockdev-New-drive_get_by_blockdev-v2.patch [bz#654682]\n- kvm-blockdev-Clean-up-automatic-drive-deletion-v2.patch [bz#654682]\n- kvm-qdev-Decouple-qdev_prop_drive-from-DriveInfo-v2.patch [bz#654682]\n- kvm-block-Catch-attempt-to-attach-multiple-devices-to-a-.patch [bz#654682]\n- kvm-Implement-drive_del-to-decouple-block-removal-from-d.patch [bz#654682]\n- kvm-blockdev-check-dinfo-ptr-before-using-v2.patch [bz#654682]\n- kvm-qcow2-Add-full-image-preallocation-option.patch [bz#634652]\n- kvm-savevm-fix-corruption-in-vmstate_subsection_load.patch [bz#671100]\n- 
kvm-virtio-serial-Disable-flow-control-for-RHEL-5.0-mach.patch [bz#588916]\n- Resolves: bz#588916\n (qemu char fixes for nonblocking writes, virtio-console flow control)\n- Resolves: bz#634652\n ([RFE] qemu-img qcow2 'pre-allocation' should not only pre-allocate meta-data, but also data)\n- Resolves: bz#654682\n (drive_del command to let libvirt safely remove block device from guest)\n- Resolves: bz#671100\n (possible migration failure due to erroneous interpretation of subsection)\n[qemu-kvm-0.12.1.2-2.141.el6]\n- spec file: symlink to stdvga and vmware vgabios images [bz#638468]\n- Related: bz#638468\n ([qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug)\n[qemu-kvm-0.12.1.2-2.140.el6]\n- spec file: require new vgabios images (stdvga and vmware) [bz#638468]\n- Related: bz#638468\n ([qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug)\n[qemu-kvm-0.12.1.2-2.139.el6]\n- kvm-Revert-Drop-qemu_mutex_iothread-during-migration.patch [bz#643970]\n- Related: bz#643970\n (guest migration turns failed by the end (16G + stress load))\n[qemu-kvm-0.12.1.2-2.138.el6]\n- kvm-virtio-console-Factor-out-common-init-between-consol.patch [bz#588916]\n- kvm-virtio-console-Remove-unnecessary-braces.patch [bz#588916]\n- kvm-virtio-serial-Use-a-struct-to-pass-config-informatio.patch [bz#588916]\n- kvm-Fold-send_all-wrapper-unix_write-into-one-function.patch [bz#588916]\n- kvm-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch [bz#588916]\n- kvm-virtio-serial-move-out-discard-logic-in-a-separate-f.patch [bz#588916]\n- kvm-virtio-serial-Make-sure-virtqueue-is-ready-before-di.patch [bz#588916]\n- kvm-virtio-serial-Don-t-copy-over-guest-buffer-to-host.patch [bz#588916]\n- kvm-virtio-serial-Let-virtio-serial-bus-know-if-all-data.patch [bz#588916]\n- kvm-virtio-serial-Add-support-for-flow-control.patch [bz#588916]\n- kvm-virtio-serial-Add-rhel6.0.0-compat-property-for-flow.patch [bz#588916]\n- kvm-virtio-serial-save-restore-new-fields-in-port-struct.patch 
[bz#588916]\n- kvm-Convert-io-handlers-to-QLIST.patch [bz#588916]\n- kvm-iohandlers-Add-enable-disable_write_fd_handler-funct.patch [bz#588916]\n- kvm-char-Add-framework-for-a-write-unblocked-callback.patch [bz#588916]\n- kvm-char-Update-send_all-to-handle-nonblocking-chardev-w.patch [bz#588916]\n- kvm-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch [bz#588916]\n- kvm-char-Throttle-when-host-connection-is-down.patch [bz#588916 bz#621484]\n- kvm-virtio-console-Enable-port-throttling-when-chardev-i.patch [bz#588916]\n- kvm-Add-spent-time-to-migration.patch [bz#643970]\n- kvm-No-need-to-iterate-if-we-already-are-over-the-limit.patch [bz#643970]\n- kvm-don-t-care-about-TLB-handling.patch [bz#643970]\n- kvm-Only-calculate-expected_time-for-stage-2.patch [bz#643970]\n- kvm-Count-nanoseconds-with-uint64_t-not-doubles.patch [bz#643970]\n- kvm-Exit-loop-if-we-have-been-there-too-long.patch [bz#643970]\n- kvm-Maintaing-number-of-dirty-pages.patch [bz#643970]\n- kvm-Drop-qemu_mutex_iothread-during-migration.patch [bz#643970]\n- Resolves: bz#588916\n (qemu char fixes for nonblocking writes, virtio-console flow control)\n- Resolves: bz#621484\n (Broken pipe when working with unix socket chardev)\n- Resolves: bz#643970\n (guest migration turns failed by the end (16G + stress load))\n[qemu-kvm-0.12.1.2-2.137.el6]\n- kvm-Add-support-for-o-octet-bytes-format-as-monitor-para.patch [bz#515775]\n- kvm-block-add-block_resize-monitor-command.patch [bz#515775]\n- kvm-block-tell-drivers-about-an-image-resize.patch [bz#515775]\n- kvm-virtio-blk-tell-the-guest-about-size-changes.patch [bz#515775]\n- kvm-qdev-add-print_options-callback.patch [bz#641833]\n- kvm-qdev-add-data-pointer-to-Property.patch [bz#641833]\n- kvm-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833]\n- kvm-usb-ccid-add-CCID-bus.patch [bz#641833]\n- kvm-introduce-libcacard-vscard_common.h.patch [bz#641833]\n- kvm-ccid-add-passthru-card-device.patch [bz#641833]\n- kvm-libcacard-initial-commit.patch 
[bz#641833]\n- kvm-ccid-add-ccid-card-emulated-device-v2.patch [bz#641833]\n- kvm-ccid-add-docs.patch [bz#641833]\n- kvm-ccid-configure-fix-enable-disable-flags.patch [bz#641833]\n- Note: smartcard spec patch applied by hand [bz#641833]\n- Resolves: bz#515775\n ([RFE] Include support for online resizing of storage and network block devices)\n- Resolves: bz#641833\n (Spice CAC support - qemu)\n[qemu-kvm-0.12.1.2-2.136.el6]\n- kvm-Introduce-fw_name-field-to-DeviceInfo-structure.patch [bz#643687]\n- kvm-Introduce-new-BusInfo-callback-get_fw_dev_path.patch [bz#643687]\n- kvm-Keep-track-of-ISA-ports-ISA-device-is-using-in-qdev.patch [bz#643687]\n- kvm-Add-get_fw_dev_path-callback-to-ISA-bus-in-qdev.patch [bz#643687]\n- kvm-Store-IDE-bus-id-in-IDEBus-structure-for-easy-access.patch [bz#643687]\n- kvm-Add-get_fw_dev_path-callback-to-IDE-bus.patch [bz#643687]\n- kvm-Add-get_fw_dev_path-callback-for-system-bus.patch [bz#643687]\n- kvm-Add-get_fw_dev_path-callback-for-pci-bus.patch [bz#643687]\n- kvm-Record-which-USBDevice-USBPort-belongs-too.patch [bz#643687]\n- kvm-Add-get_fw_dev_path-callback-for-usb-bus.patch [bz#643687]\n- kvm-Add-get_fw_dev_path-callback-to-scsi-bus.patch [bz#643687]\n- kvm-Add-bootindex-parameter-to-net-block-fd-device.patch [bz#643687]\n- kvm-Change-fw_cfg_add_file-to-get-full-file-path-as-a-pa.patch [bz#643687]\n- kvm-Add-bootindex-for-option-roms.patch [bz#643687]\n- kvm-Add-notifier-that-will-be-called-when-machine-is-ful.patch [bz#643687]\n- kvm-Pass-boot-device-list-to-firmware.patch [bz#643687]\n- kvm-close-all-the-block-drivers-before-the-qemu-process-.patch [bz#635527]\n- kvm-qemu-img-snapshot-Use-writeback-caching.patch [bz#635527]\n- kvm-qcow2-Add-QcowCache.patch [bz#635527]\n- kvm-qcow2-Use-QcowCache.patch [bz#635527]\n- kvm-qcow2-Batch-flushes-for-COW.patch [bz#635527]\n- Commited 'Remove vhost blacklisting' by hand [bz#665299]\n- kvm-add-bootindex-parameter-to-assigned-device.patch [bz#643687]\n- kvm-tap-safe-sndbuf-default.patch 
[bz#674539]\n- kvm-do-not-pass-NULL-to-strdup.patch [bz#643687]\n- kvm-Use-Makefile-to-install-qemu-kvm-in-correct-location.patch [bz#672441]\n- kvm-Fix-CVE-2011-0011-qemu-kvm-Setting-VNC-password-to-e.patch [bz#667976]\n- kvm-vhost-force-vhost-off-for-non-MSI-guests.patch [bz#674562]\n- Resolves: bz#635527\n (KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk)\n- Resolves: bz#643687\n (Allow to specify boot order on qemu command line.)\n- Resolves: bz#665299\n (load vhost-net by default)\n- Resolves: bz#667976\n (CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication [rhel-6.1])\n- Resolves: bz#672441\n (Tracetool autogenerate qemu-kvm.stp with wrong qemu-kvm path)\n- Resolves: bz#674539\n (slow guests block other guests on the same lan)\n- Resolves: bz#674562\n (disable vhost-net for rhel5 and older guests)\n[qemu-kvm-0.12.1.2-2.135.el6]\n- kvm-Bug-625333-qemu-treatment-of-nodefconfig-and-readcon.patch [bz#625333]\n- kvm-ide-Factor-ide_flush_cache-out.patch [bz#670539]\n- kvm-ide-Handle-flush-failure.patch [bz#670539]\n- kvm-virtio-blk-Respect-werror-option-for-flushes.patch [bz#670539]\n- kvm-block-Allow-bdrv_flush-to-return-errors.patch [bz#670539]\n- kvm-ide-Handle-immediate-bdrv_aio_flush-failure.patch [bz#670539]\n- kvm-virtio-blk-Handle-immediate-flush-failure-properly.patch [bz#670539]\n- kvm-vhost-error-code.patch [bz#633394]\n- kvm-vhost-fix-up-irqfd-support.patch [bz#633394]\n- kvm-virtio-pci-mask-notifier-error-handling-fixups.patch [bz#633394]\n- kvm-test-for-ioeventfd-support-on-old-kernels.patch [bz#633394]\n- kvm-virtio-pci-Rename-bugs-field-to-flags.patch [bz#633394]\n- kvm-virtio-move-vmstate-change-tracking-to-core.patch [bz#633394]\n- kvm-virtio-pci-Use-ioeventfd-for-virtqueue-notify.patch [bz#633394]\n- kvm-ioeventfd-error-handling-cleanup.patch [bz#633394]\n- kvm-remove-redhat-disable-THP.patch [bz#635418]\n- kvm-PATCH-RHEL6.1-qemu-kvm-acpi_piix4-qdevfy.patch 
[bz#498774]\n- kvm-PATCH-RHEL6.1-qemu-kvm-pci-allow-devices-being-tagge.patch [bz#498774]\n- kvm-PATCH-RHEL6.1-qemu-kvm-piix-tag-as-not-hotpluggable.patch [bz#498774]\n- kvm-PATCH-RHEL6.1-qemu-kvm-vga-tag-as-not-hotplugable-v3.patch [bz#498774]\n- kvm-PATCH-RHEL6.1-qemu-kvm-qxl-tag-as-not-hotpluggable.patch [bz#498774]\n- kvm-PATCH-RHEL6.1-qemu-kvm-acpi_piix4-expose-no_hotplug-.patch [bz#498774]\n- kvm-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch [bz#621484]\n- kvm-char-mark-socket-closed-if-write-fails-with-EPIPE.patch [bz#621484]\n- Resolves: bz#498774\n (QEMU: Too many devices are available for unplug in Windows XP (and we don't support that))\n- Resolves: bz#621484\n (Broken pipe when working with unix socket chardev)\n- Resolves: bz#625333\n (qemu treatment of -nodefconfig and -readconfig problematic for debug)\n- Resolves: bz#633394\n ([6.1 FEAT] virtio-blk ioeventfd support)\n- Resolves: bz#635418\n (Allow enable/disable ksm per VM)\n- Resolves: bz#670539\n (Block devices don't implement correct flush error handling)\n- Related: bz#635418\n (Allow enable/disable ksm per VM)\n[qemu-kvm-0.12.1.2-2.134.el6]\n- kvm-switch-stdvga-to-pci-vgabios.patch [bz#638468]\n- kvm-switch-vmware_vga-to-pci-vgabios.patch [bz#638468]\n- kvm-add-rhel6.1.0-machine-type.patch [bz#638468]\n- kvm-vgabios-update-handle-compatibility-with-older-qemu-.patch [bz#638468]\n- kvm-qemu-io-Fix-error-messages.patch [bz#672187]\n- kvm-wdt_i6300esb-register-a-reset-function.patch [bz#637180]\n- kvm-Watchdog-disable-watchdog-timer-when-hard-rebooting-.patch [bz#637180]\n- kvm-usb-linux-increase-buffer-for-USB-control-requests.patch [bz#672720]\n- kvm-device-assignment-Cap-number-of-devices-we-can-have-.patch [bz#670787]\n- kvm-clear-vapic-after-reset.patch [bz#669268]\n- kvm-add-support-for-protocol-driver-create_options.patch [bz#637701]\n- kvm-qemu-img-avoid-calling-exit-1-to-release-resources-p.patch [bz#637701]\n- kvm-Use-qemu_mallocz-instead-of-calloc-in-img_convert.patch 
[bz#637701]\n- kvm-img_convert-Only-try-to-free-bs-entries-if-bs-is-val.patch [bz#637701]\n- kvm-Consolidate-printing-of-block-driver-options.patch [bz#637701]\n- kvm-Fix-formatting-and-missing-braces-in-qemu-img.c.patch [bz#637701]\n- kvm-Fail-if-detecting-an-unknown-option.patch [bz#637701]\n- kvm-Make-error-handling-more-consistent-in-img_create-an.patch [bz#637701]\n- kvm-qemu-img-Deprecate-obsolete-6-and-e-options.patch [bz#637701]\n- kvm-qemu-img-Free-option-parameter-lists-in-img_create.patch [bz#637701]\n- kvm-qemu-img-Fail-creation-if-backing-format-is-invalid.patch [bz#637701]\n- kvm-Introduce-strtosz-library-function-to-convert-a-stri.patch [bz#637701]\n- kvm-Introduce-strtosz_suffix.patch [bz#637701]\n- kvm-qemu-img.c-Clean-up-handling-of-image-size-in-img_cr.patch [bz#637701]\n- kvm-qemu-img.c-Re-factor-img_create.patch [bz#637701]\n- kvm-Introduce-do_snapshot_blkdev-and-monitor-command-to-.patch [bz#637701]\n- kvm-Prevent-creating-an-image-with-the-same-filename-as-.patch [bz#637701]\n- kvm-qemu-option-Fix-uninitialized-value-in-append_option.patch [bz#637701]\n- kvm-bdrv_img_create-use-proper-errno-return-values.patch [bz#637701]\n- kvm-block-Use-backing-format-driver-during-image-creatio.patch [bz#637701]\n- kvm-Make-strtosz-return-int64_t-instead-of-ssize_t.patch [bz#637701]\n- kvm-strtosz-use-unsigned-char-and-switch-to-qemu_isspace.patch [bz#637701]\n- kvm-strtosz-use-qemu_toupper-to-simplify-switch-statemen.patch [bz#637701]\n- kvm-strtosz-Fix-name-confusion-in-use-of-modf.patch [bz#637701]\n- kvm-strtosz-Use-suffix-macros-in-switch-statement.patch [bz#637701]\n- kvm-do_snapshot_blkdev-error-on-missing-snapshot_file-ar.patch [bz#637701]\n- kvm-pci-memory-leak-of-PCIDevice-rom_file.patch [bz#672229]\n- Resolves: bz#637180\n (watchdog timer isn't reset when qemu resets)\n- Resolves: bz#637701\n (RFE - support live snapshot of a subset of disks without RAM)\n- Resolves: bz#638468\n ([qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for 
hot-plug)\n- Resolves: bz#669268\n (WinXP hang when reboot after setup copies files to the installation folders)\n- Resolves: bz#670787\n (Hot plug the 14st VF to guest causes guest shut down)\n- Resolves: bz#672187\n (Improper responsive message when shrinking qcow2 image)\n- Resolves: bz#672229\n (romfile memory leak)\n- Resolves: bz#672720\n (getting 'ctrl buffer too small' error on USB passthrough)\n[qemu-kvm-0.12.1.2-2.133.el6]\n- kvm-spice-rip-out-all-the-old-non-upstream-spice-bits.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-Use-display-types-for-local-display-only.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-add-pflib-PixelFormat-conversion-library.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-Add-support-for-generic-notifier-lists.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-Rewrite-mouse-handlers-to-use-QTAILQ-and-to-have-an-.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-Add-kbd_mouse_has_absolute.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-Add-notifier-for-mouse-mode-changes.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-sdl-use-mouse-mode-notifier.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-input-make-vnc-use-mouse-mode-notifiers.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-vnc-make-sure-to-send-pointer-type-change-event-on-S.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-vmmouse-adapt-to-mouse-handler-changes.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-wacom-tablet-activate-event-handlers.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-cursor-add-cursor-functions.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-use-new-cursor-struct-functions-for-vmware-vga-and-s.patch 
[bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-add-spice-into-the-configure-file-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-core-bits-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-keyboard-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-mouse-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-simple-display-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-tablet-support.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-tls-support-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-make-compression-configurable.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-config-options-for-channel-security.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-config-options-for-the-listening-address.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-misc-config-options.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-audio.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-add-copyright-to-spiceaudio.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-core-fix-watching-for-write-events.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-core-fix-warning-when-building-with-spice-0.6..patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-display-replace-private-lock-with-qemu-mutex.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-add-qxl-device-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-spice-connection-events.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 
bz#647865]\n- kvm-spice-add-qmp-query-spice-and-hmp-info-spice-command.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-Revert-vnc-support-password-expire.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-vnc-auth-reject-cleanup.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-vnc-support-password-expire-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-vnc-spice-add-set_passwd-monitor-command.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865]\n- kvm-qdev-Track-runtime-machine-modifications.patch [bz#653591]\n- kvm-rtl8139-Use-subsection-to-restrict-migration-after-h.patch [bz#653591]\n- kvm-add-migration-state-change-notifiers.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-spice-vnc-client-migration.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-vnc-spice-fix-never-and-now-expire_time.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-spice-qxl-zap-spice-0.4-migration-compatibility-bits.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-spice-add-chardev-v4.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-qxl-locking-fix.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-spice-qxl-locking-fix-for-qemu-kvm.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-spice-qmp-events-restore-rhel6.0-compatibility.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- kvm-spice-monitor-commands-restore-rhel6.0-compatibility.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865]\n- Resolves: bz#615947\n (RFE QMP: support of query spice for guest)\n- Resolves: bz#631832\n (manpage is missing spice options)\n- Resolves: bz#632458\n (Guest may core dump when booting with spice and qxl.)\n- Resolves: bz#634153\n (coredumped when enable qxl without 
spice)\n- Resolves: bz#642131\n (qemu-kvm aborts of 'qemu_spice_display_create_update: unhandled depth: 0 bits')\n- Resolves: bz#647865\n (support 2560x1440 in qxl)\n- Resolves: bz#653591\n ([RHEL6 Snap13]: Hot-unplugging issue noticed with rtl8139nic after migration of KVM guest.)\n[qemu-kvm-0.12.1.2-2.132.el6]\n- kvm-BZ-636494-cpu-check-does-not-correctly-enforce-CPUID.patch [bz#636494]\n- kvm-QDict-Introduce-qdict_get_qdict.patch [bz#647447]\n- kvm-monitor-QMP-Drop-info-hpet-query-hpet.patch [bz#647447]\n- kvm-QMP-Teach-basic-capability-negotiation-to-python-exa.patch [bz#647447]\n- kvm-QMP-Fix-python-helper-wrt-long-return-strings.patch [bz#647447]\n- kvm-QMP-update-query-version-documentation.patch [bz#647447]\n- kvm-Revert-QMP-Remove-leading-whitespace-in-package.patch [bz#647447]\n- kvm-QMP-monitor-update-do_info_version-to-output-broken-.patch [bz#647447]\n- kvm-QMP-Remove-leading-whitespace-in-package-again.patch [bz#647447]\n- kvm-QMP-doc-Add-Stability-Considerations-section.patch [bz#647447]\n- kvm-QMP-Update-README-file.patch [bz#647447]\n- kvm-QMP-Revamp-the-Python-class-example.patch [bz#647447]\n- kvm-QMP-Revamp-the-qmp-shell-script.patch [bz#647447]\n- kvm-QMP-Drop-vm-info-example-script.patch [bz#647447]\n- kvm-qemu-char-Introduce-Memory-driver.patch [bz#647447]\n- kvm-QMP-Introduce-Human-Monitor-passthrough-command.patch [bz#647447]\n- kvm-QMP-qmp-shell-Introduce-HMP-mode.patch [bz#647447]\n- kvm-PCI-Export-pci_map_option_rom.patch [bz#667188]\n- kvm-device-assignment-Allow-PCI-to-manage-the-option-ROM.patch [bz#667188]\n- kvm-virtio-serial-bus-bump-up-control-vq-size-to-32.patch [bz#656198]\n- kvm-Move-stdbool.h.patch [bz#635954]\n- kvm-savevm-Fix-no_migrate.patch [bz#635954]\n- kvm-device-assignment-Properly-terminate-vmsd.fields.patch [bz#635954]\n- Resolves: bz#635954\n (RFE: Assigned device should block migration)\n- Resolves: bz#636494\n (-cpu check does not correctly enforce CPUID items)\n- Resolves: bz#647447\n (QMP: provide a 
hmp_passthrough command to allow execution of non-converted commands)\n- Resolves: bz#656198\n (Can only see 16 virtio ports while assigned 30 virtio serial ports on commandLine)\n- Resolves: bz#667188\n (device-assignment leaks option ROM memory)\n[qemu-kvm-0.12.1.2-2.131.el6]\n- fix spec file to require systemtap, or configure won't enable the systemtap\n tapset\n- Resolves: bz#632722\n ([6.1 FEAT] QEMU static tracing framework)\n[qemu-kvm-0.12.1.2-2.130.el6]\n- kvm-Bug-632257-Duplicate-CPU-fea.tures-in-cpu-x86_64.con.patch [bz#632257]\n- kvm-BZ-647308-Support-Westmere-as-a-CPU-model-or-include.patch [bz#647308]\n- kvm-trace-Add-trace-events-file-for-declaring-trace-even.patch [bz#632722]\n- kvm-trace-Support-disabled-events-in-trace-events.patch [bz#632722]\n- kvm-trace-Add-user-documentation.patch [bz#632722]\n- kvm-trace-Trace-qemu_malloc-and-qemu_vmalloc.patch [bz#632722]\n- kvm-trace-Trace-virtio-blk-multiwrite-and-paio_submit.patch [bz#632722]\n- kvm-trace-Trace-virtqueue-operations.patch [bz#632722]\n- kvm-trace-Trace-port-IO.patch [bz#632722]\n- kvm-trace-Trace-entry-point-of-balloon-request-handler.patch [bz#632722]\n- kvm-trace-fix-a-typo.patch [bz#632722]\n- kvm-trace-fix-a-regex-portability-problem.patch [bz#632722]\n- kvm-trace-avoid-unnecessary-recompilation-if-nothing-cha.patch [bz#632722]\n- kvm-trace-Use-portable-format-strings.patch [bz#632722]\n- kvm-trace-Don-t-strip-lines-containing-arbitrarily.patch [bz#632722]\n- kvm-trace-Trace-bdrv_aio_-readv-writev.patch [bz#632722]\n- kvm-trace-remove-timestamp-files-when-cleaning-up.patch [bz#632722]\n- kvm-trace-Format-strings-must-begin-end-with-double-quot.patch [bz#632722]\n- kvm-apic-convert-debug-printf-statements-to-tracepoints.patch [bz#632722]\n- kvm-Add-a-DTrace-tracing-backend-targetted-for-SystemTAP.patch [bz#632722]\n- kvm-Add-support-for-generating-a-systemtap-tapset-static.patch [bz#632722]\n- kvm-trace-Trace-vm_start-vm_stop.patch [bz#632722]\n- spec file changes to enable trace support 
[bz#632722]\n- Resolves: bz#632257\n (Duplicate CPU fea.tures in cpu-x86_64.conf)\n- Resolves: bz#632722\n ([6.1 FEAT] QEMU static tracing framework)\n- Resolves: bz#647308\n (Support Westmere as a CPU model or included within existing models..)\n[qemu-kvm-0.12.1.2-2.129.el6]\n- kvm-let-management-choose-whether-transparent-huge-pages.patch [bz#628308]\n- kvm-tap-generalize-code-for-different-vnet-header-len.patch [bz#616659]\n- kvm-tap-add-APIs-for-vnet-header-length.patch [bz#616659]\n- kvm-vhost_net-mergeable-buffers-support.patch [bz#616659]\n- kvm-vhost-Fix-address-calculation-in-vhost_dev_sync_regi.patch [bz#623552]\n- Resolves: bz#616659\n (mrg buffers: migration breaks between systems with/without vhost)\n- Resolves: bz#623552\n (SCP image fails from host to guest with vhost on when do migration)\n- Resolves: bz#628308\n ([RFE] let management choose whether transparent huge pages are used)\n[qemu-kvm-0.12.1.2-2.128.el6]\n- kvm-virtio-invoke-set_status-callback-on-reset.patch [bz#623735]\n- kvm-virtio-net-unify-vhost-net-start-stop.patch [bz#623735]\n- kvm-tap-clear-vhost_net-backend-on-cleanup.patch [bz#623735]\n- kvm-tap-make-set_offload-a-nop-after-netdev-cleanup.patch [bz#623735]\n- Resolves: bz#623735\n (hot unplug of vhost net virtio NIC causes qemu segfault)\n[qemu-kvm-0.12.1.2-2.127.el6]\n- kvm-pci-import-Linux-pci_regs.h.patch [bz#624790]\n- kvm-pci-s-PCI_SUBVENDOR_ID-PCI_SUBSYSTEM_VENDOR_ID-g.patch [bz#624790]\n- kvm-pci-use-pci_regs.h.patch [bz#624790]\n- kvm-pci-add-API-to-add-capability-at-a-known-offset.patch [bz#624790]\n- kvm-pci-consolidate-pci_add_capability_at_offset-into-pc.patch [bz#624790]\n- kvm-pci-pci_default_cap_write_config-ignores-wmask.patch [bz#624790]\n- kvm-pci-Remove-pci_enable_capability_support.patch [bz#624790]\n- kvm-device-assignment-Use-PCI-capabilities-support.patch [bz#624790]\n- kvm-pci-Replace-used-bitmap-with-config-byte-map.patch [bz#624790]\n- kvm-pci-Remove-cap.length-cap.start-cap.supported.patch [bz#624790]\n- 
kvm-device-assignment-Move-PCI-capabilities-to-match-phy.patch [bz#624790]\n- kvm-pci-Remove-capability-specific-handlers.patch [bz#624790]\n- kvm-device-assignment-Make-use-of-config_map.patch [bz#624790]\n- kvm-device-assignment-Fix-off-by-one-in-header-check.patch [bz#624790]\n- kvm-pci-Remove-PCI_CAPABILITY_CONFIG_.patch [bz#624790]\n- kvm-pci-Error-on-PCI-capability-collisions.patch [bz#624790]\n- kvm-device-assignment-Error-checking-when-adding-capabil.patch [bz#624790]\n- kvm-device-assignment-pass-through-and-stub-more-PCI-cap.patch [bz#624790]\n- Resolves: bz#624790\n (pass through fails with KVM using Neterion Inc's X3100 Series 10GbE PCIe I/O Virtualized Server Adapter in Multifunction mode.)\n[qemu-kvm-0.12.1.2-2.126.el6]\n- kvm-Fix-build-problem-with-recent-compilers.patch [bz#662633]\n- kvm-vhost-fix-infinite-loop-on-error-path.patch [bz#628634]\n- Resolves: bz#628634\n (vhost_net: untested error handling in vhost_net_start)\n- Resolves: bz#662633\n (Fix build problem with recent compilers)\n[qemu-kvm-0.12.1.2-2.125.el6]\n- kvm-New-option-fake-machine.patch [bz#658288]\n- spec file code for --enable-fake-machine [bz#658288]\n- Resolves: bz#658288\n (Include (disabled by default) -fake-machine patch on qemu-kvm RPM spec)\n[qemu-kvm-0.12.1.2-2.124.el6]\n- kvm-Fix-compilation-error-missing-include-statement.patch [bz#608548]\n- kvm-use-qemu_blockalign-consistently.patch [bz#608548]\n- kvm-raw-posix-handle-512-byte-alignment-correctly.patch [bz#608548]\n- kvm-virtio-blk-propagate-the-required-alignment.patch [bz#608548]\n- kvm-scsi-disk-propagate-the-required-alignment.patch [bz#608548]\n- kvm-ide-propagate-the-required-alignment.patch [bz#608548]\n- kvm-Support-marking-a-device-as-non-migratable.patch [bz#635954]\n- kvm-device-assignment-Register-as-un-migratable.patch [bz#635954]\n- Resolves: bz#608548\n (QEMU doesn't respect hardware sector size of underlying block device when doing O_DIRECT)\n- Resolves: bz#635954\n (RFE: Assigned device should block 
migration)\n[qemu-kvm-0.12.1.2-2.123.el6]\n- kvm-qcow2-Implement-bdrv_truncate-for-growing-images.patch [bz#613893]\n- kvm-qemu-img-Add-resize-command-to-grow-shrink-disk-imag.patch [bz#613893]\n- kvm-qemu-img-Fix-copy-paste-bug-in-documentation.patch [bz#613893]\n- Resolves: bz#613893\n ([RFE] qemu-io enable truncate function for qcow2.)\n[qemu-kvm-0.12.1.2-2.122.el6]\n- kvm-cleanup-block-driver-option-handling-in-vl.c.patch [bz#653536]\n- kvm-Add-cache-unsafe-parameter-to-drive.patch [bz#653536]\n- kvm-move-unsafe-to-end-of-caching-modes-in-help.patch [bz#653536]\n- kvm-qemu-img-Eliminate-bdrv_new_open-code-duplication.patch [bz#653536]\n- kvm-qemu-img-Fix-BRDV_O_FLAGS-typo.patch [bz#653536]\n- kvm-qemu-img-convert-Use-cache-unsafe-for-output-image.patch [bz#653536]\n- kvm-block-Fix-virtual-media-change-for-if-none.patch [bz#625319]\n- kvm-Check-for-invalid-initrd-file.patch [bz#624721]\n- kvm-qcow-qcow2-implement-bdrv_aio_flush.patch [bz#653972]\n- kvm-block-Remove-unused-s-hd-in-various-drivers.patch [bz#653972]\n- kvm-qcow2-Remove-unnecessary-flush-after-L2-write.patch [bz#653972]\n- kvm-qcow2-Move-sync-out-of-write_refcount_block_entries.patch [bz#653972]\n- kvm-qcow2-Move-sync-out-of-update_refcount.patch [bz#653972]\n- kvm-qcow2-Move-sync-out-of-qcow2_alloc_clusters.patch [bz#653972]\n- kvm-qcow2-Get-rid-of-additional-sync-on-COW.patch [bz#653972]\n- kvm-cutils-qemu_iovec_copy-and-qemu_iovec_memset.patch [bz#653972]\n- kvm-qcow2-Avoid-bounce-buffers-for-AIO-read-requests.patch [bz#653972]\n- kvm-qcow2-Avoid-bounce-buffers-for-AIO-write-requests.patch [bz#653972]\n- kvm-kill-empty-index-on-qemu-doc.texi.patch [bz#604992]\n- kvm-add-VMSTATE_BOOL.patch [bz#645342]\n- kvm-Add-Intel-HD-Audio-support-to-qemu.patch [bz#645342]\n- Resolves: bz#604992\n (index is empty in qemu-doc.html)\n- Resolves: bz#624721\n ([qemu] [rhel6] bad error handling when qemu has no 'read' permissions over {kernel,initrd} files [pass boot options])\n- Resolves: bz#625319\n (Failed to 
update the media in floppy device)\n- Resolves: bz#645342\n (Implement QEMU driver for modern sound device like Intel HDA)\n- Resolves: bz#653536\n (qemu-img convert poor performance)\n- Resolves: bz#653972\n (qcow2: Backport performance related patches)\n[qemu-kvm-0.12.1.2-2.121.el6]\n- kvm-monitor-Rename-argument-type-b-to-f.patch [bz#625681]\n- kvm-monitor-New-argument-type-b-bool.patch [bz#625681]\n- kvm-monitor-Use-argument-type-b-for-set_link.patch [bz#625681]\n- kvm-monitor-Convert-do_set_link-to-QObject-QError.patch [bz#625681]\n- Resolves: bz#625681\n (RFE QMP: should have command to disconnect and connect network card for whql testing)\n[qemu-kvm-0.12.1.2-2.120.el6]\n- kvm-Fix-snapshot-deleting-images-on-disk-change.patch [bz#653582]\n- Resolves: bz#653582\n (Changing media with -snapshot deletes image file)\n[qemu-kvm-0.12.1.2-2.119.el6]\n- kvm-bz-603413-e1000-secrc-support.patch [bz#603413]\n- kvm-net-properly-handle-illegal-fd-vhostfd-from-command-.patch [bz#581750]\n- kvm-Enable-non-page-boundary-BAR-device-assignment.patch [bz#647307]\n- kvm-Fix-build-failure-with-DEVICE_ASSIGNMENT_DEBUG.patch [bz#647307]\n- kvm-slow_map-minor-improvements-to-ROM-BAR-handling.patch [bz#647307]\n- kvm-device-assignment-Always-use-slow-mapping-for-PCI-op.patch [bz#647307]\n- kvm-e1000-Fix-TCP-checksum-overflow-with-TSO.patch [bz#648333]\n- kvm-device-assignment-Fix-slow-option-ROM-mapping.patch [bz#647307]\n- Resolves: bz#581750\n (Vhost: Segfault when assigning a none vhostfd)\n- Resolves: bz#603413\n (RHEL3.9 guest netdump hung with e1000)\n- Resolves: bz#647307\n (Support slow mapping of PCI Bars)\n- Resolves: bz#648333\n (TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS)\n[qemu-kvm-0.12.1.2-2.118.el6]\n- kvm-net-delay-freeing-peer-host-device.patch [bz#634661]\n- kvm-QMP-Improve-debuggability-of-the-BLOCK_IO_ERROR-even.patch [bz#624607]\n- Resolves: bz#624607\n ([qemu] [rhel6] guest installation stop (pause) on 'eother' event 
over COW disks (thin-provisioning))\n- Resolves: bz#634661\n ([RHEL6 Snap13]: Hot-unplugging of virtio nic issue in Windows2008 KVM guest.)\n[qemu-kvm-0.12.1.2-2.117.el6]\n- kvm-savevm-Really-verify-if-a-drive-supports-snapshots.patch [bz#599307]\n- kvm-drop-boot-on-from-help-string.patch [bz#643681]\n- kvm-Fix-parameters-of-prctl.patch [bz#585910]\n- kvm-Ignore-SRAO-MCE-if-another-MCE-is-being-processed.patch [bz#585910]\n- kvm-Add-RAM-physical-addr-mapping-in-MCE-simulation.patch [bz#585910]\n- kvm-Add-savevm-loadvm-support-for-MCE.patch [bz#585910]\n- kvm-Fix-SRAO-SRAR-MCE-injecting-on-guest-without-MCG_SER.patch [bz#585910]\n- Resolves: bz#585910\n ([Intel 6.1 Bug] SRAO MCE in guest kills QEMU-KVM (qemu-kvm component))\n- Resolves: bz#599307\n (info snapshot return 'bdrv_snapshot_list: error -95')\n- Resolves: bz#643681\n (Do not advertise boot=on capability to libvirt)\n[qemu-kvm-0.12.1.2-2.116.el6]\n- ksmtuned: committed_memory of 0 qemus [bz#609016]\n- kvm-Fix-underflow-error-in-device-assignment-size-check.patch [bz#632054]\n- kvm-check-for-close-errors-on-qcow2_create.patch [bz#641127]\n- Resolves: bz#609016\n (incorrect committed memory on idle host)\n- Resolves: bz#632054\n ([Intel 6.0 Virt] guest bootup fail with intel 82574L NIC assigned)\n- Resolves: bz#641127\n (qemu-img ignores close() errors)\n[qemu-kvm-0.12.1.2-2.115.el6]\n- kvm-spice-qxl-update-modes-ptr-in-post_load.patch [bz#631522]\n- kvm-spice-qxl-make-draw_area-and-vgafb-share-memory.patch [bz#631522]\n- Give a nicer message if retune is called while ksmtuned is off [bz#637976]\n- Resolves: bz#631522\n (spice: prepare qxl for 6.1 update.)\n- Resolves: bz#637976\n (ksmtuned: give a nicer message if retune is called while ksmtuned is off)\n[qemu-kvm-0.12.1.2-2.114.el6]\n- fix ksmd.init 'status' [bz#570467]\n- kvm-virtio-net-Make-tx_timer-timeout-configurable.patch [bz#624767]\n- kvm-virtio-net-Limit-number-of-packets-sent-per-TX-flush.patch [bz#624767]\n- 
kvm-virtio-net-Rename-tx_timer_active-to-tx_waiting.patch [bz#624767]\n- kvm-virtio-net-Introduce-a-new-bottom-half-packet-TX.patch [bz#624767]\n- kvm-spice-qxl-enable-some-highres-modes.patch [bz#482427]\n- kvm-add-MADV_DONTFORK-to-guest-physical-memory-v2.patch [bz#633699]\n- kvm-virtio-serial-Check-if-virtio-queue-is-ready-before-.patch [bz#596610]\n- kvm-virtio-serial-Assert-for-virtio-queue-ready-before-v.patch [bz#596610]\n- kvm-virtio-serial-Check-if-more-max_ports-specified-than.patch [bz#616703]\n- kvm-virtio-serial-Cleanup-on-device-hot-unplug.patch [bz#624396]\n- kvm-block-Fix-image-re-open-in-bdrv_commit.patch [bz#635354]\n- kvm-qxl-clear-dirty-rectangle-on-resize.patch [bz#617119]\n- kvm-VGA-Don-t-register-deprecated-VBE-range.patch [bz#625948]\n- kvm-BZ-619168-qemu-should-more-clearly-indicate-internal.patch [bz#619168]\n- kvm-fix-and-on-russian-keymap.patch [bz#639437]\n- Resolves: bz#482427\n (support high resolutions)\n- Resolves: bz#570467\n ([RHEL 6] Initscripts improvement for ksm and ksmtuned)\n- Resolves: bz#596610\n ('Guest moved used index from 0 to 61440' if remove virtio serial device before virtserialport)\n- Resolves: bz#616703\n (qemu-kvm core dump with virtio-serial-pci max-port greater than 31)\n- Resolves: bz#617119\n (Qemu becomes unresponsive during unattended_installation)\n- Resolves: bz#619168\n (qemu should more clearly indicate internal detection of this host out-of-memory condition at startup..)\n- Resolves: bz#624396\n (migration failed after hot-unplug virtserialport - Unknown savevm section or instance '0000:00:07.0/virtio-console' 0)\n- Resolves: bz#624767\n (Replace virtio-net TX timer mitigation with bottom half handler)\n- Resolves: bz#625948\n (qemu exits when hot adding rtl8139 nic to win2k8 guest)\n- Resolves: bz#633699\n (Cannot hot-plug nic in windows VM when the vmem is larger)\n- Resolves: bz#635354\n (Can not commit copy-on-write image's data to raw backing-image)\n- Resolves: bz#639437\n (Incorrect russian vnc 
keymap)", "edition": 72, "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0534", "href": "http://linux.oracle.com/errata/ELSA-2011-0534.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "[3.0.3-135.el5_8.2]\n- Fix broken timestamp log (rhbz 797836)\n[3.0.3-135.el5_8.1]\n- qemu-dm/e1000: bounds packet size against buffer size (rhbz 786862)\n- Use correct expansion in xen-network-common.sh (rhbz 797191)", "edition": 4, "modified": "2012-03-07T00:00:00", "published": "2012-03-07T00:00:00", "id": "ELSA-2012-0370", "href": "http://linux.oracle.com/errata/ELSA-2012-0370.html", "title": "xen security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-2652"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2012-08-09T23:00:10", "published": "2012-08-09T23:00:10", "id": "FEDORA:9BE8D212EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: qemu-0.15.1-7.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1750", "CVE-2011-2527", "CVE-2012-0029"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2012-06-07T23:07:08", "published": "2012-06-07T23:07:08", "id": "FEDORA:13FD320DF5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: qemu-0.14.0-9.fc15", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-2652", "CVE-2012-3515"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2012-10-17T00:22:05", "published": "2012-10-17T00:22:05", "id": "FEDORA:BB441201DF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: qemu-0.15.1-8.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-2652", "CVE-2012-3515", "CVE-2012-6075"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2013-01-28T15:20:00", "published": "2013-01-28T15:20:00", "id": "FEDORA:89C00219DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: qemu-0.15.1-9.fc16", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2652"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "modified": "2012-08-09T23:02:11", "published": "2012-08-09T23:02:11", "id": "FEDORA:3E118212FC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: qemu-1.0.1-1.fc17", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "modified": "2012-06-07T22:59:10", "published": "2012-06-07T22:59:10", "id": "FEDORA:5EAF3218CD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: qemu-0.15.1-5.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-02-19T02:02:08", "published": "2012-02-19T02:02:08", "id": "FEDORA:9442821503", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.2-6.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-1750", "CVE-2011-1751", "CVE-2011-0011"], "description": "DoS on guest system I/O processing.", "edition": 1, "modified": "2011-05-26T00:00:00", "published": "2011-05-26T00:00:00", "id": 
"SECURITYVULNS:VULN:11641", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11641", "title": "KVM security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2212", "CVE-2011-2512", "CVE-2011-2527"], "description": "virtio commands processing code execution.", "edition": 1, "modified": "2011-07-26T00:00:00", "published": "2011-07-26T00:00:00", "id": "SECURITYVULNS:VULN:11764", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11764", "title": "kvm code execution", "type": "securityvulns", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2512"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2270-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 01, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : qemu-kvm\r\nVulnerability : programming error\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2512 \r\nDebian Bug : 631975\r\n\r\nIt was discovered that incorrect sanitising of virtio queue commands in \r\nKVM, a solution for full virtualization on x86 hardware, could lead to \r\ndenial of service of the execution of arbitrary code.\r\n\r\n\r\nThe oldstable distribution (lenny) is not affected by this problem.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 0.12.5+dfsg-5+squeeze4.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 
0.14.1+dfsg-2.\r\n\r\nWe recommend that you upgrade your qemu-kvm packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk4OMwwACgkQXm3vHE4uylpF1wCgr/yYBC/EzaMDMfZV6qWAu0ZQ\r\n8WYAoK/FvSNWCu24VljNhlPxZmyDghOU\r\n=onSM\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-07-06T00:00:00", "published": "2011-07-06T00:00:00", "id": "SECURITYVULNS:DOC:26610", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26610", "title": "[SECURITY] [DSA 2270-1] qemu-kvm security update", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-2652"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1522-1\r\nAugust 02, 2012\r\n\r\nqemu-kvm vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nQEMU could be made to overwrite files as the administrator, or expose\r\nsensitive information.\r\n\r\nSoftware Description:\r\n- qemu-kvm: Machine emulator and virtualizer\r\n\r\nDetails:\r\n\r\nIt was discovered that QEMU incorrectly handled temporary files when\r\ncreating a snapshot. 
A local attacker could use this flaw to possibly\r\noverwrite files with root privilege, or obtain sensitive information from\r\nthe guest.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n qemu-kvm 1.0+noroms-0ubuntu14.1\r\n\r\nUbuntu 11.10:\r\n qemu-kvm 0.14.1+noroms-0ubuntu6.4\r\n\r\nUbuntu 11.04:\r\n qemu-kvm 0.14.0+noroms-0ubuntu4.6\r\n\r\nUbuntu 10.04 LTS:\r\n qemu-kvm 0.12.3+noroms-0ubuntu9.19\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1522-1\r\n CVE-2012-2652\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.1\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.6\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.19\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-08-06T00:00:00", "published": "2012-08-06T00:00:00", "id": "SECURITYVULNS:DOC:28341", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28341", "title": "[USN-1522-1] QEMU vulnerability", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-2652"], "description": "Symbolic links vulnerability on snapshot creation.", "edition": 1, "modified": "2012-08-06T00:00:00", "published": "2012-08-06T00:00:00", "id": "SECURITYVULNS:VULN:12498", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12498", "title": "QEMU sumbolic links vulnerability", "type": "securityvulns", "cvss": {"score": 
4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-1751"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2241-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 24, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : qemu-kvm\r\nVulnerability : implementation error\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2011-1751 \r\n\r\nNelson Elhage discovered that incorrect memory handling during the \r\nremoval of ISA devices in KVM, a solution for full virtualization on\r\nx86 hardware, could lead to denial of service of the execution of \r\narbitrary code.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 0.12.5+dfsg-5+squeeze2.\r\n\r\nFor the unstable distribution (sid), this problem will be fixed soon.\r\n\r\nWe recommend that you upgrade your qemu-kvm packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk3cHJcACgkQXm3vHE4uyloxgwCfQQQxlWMXqkdMl/+f27juD/In\r\nPhcAoJEbee8DAPBcqJOdQP+zRgskLEea\r\n=IBup\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-05-26T00:00:00", "published": "2011-05-26T00:00:00", "id": "SECURITYVULNS:DOC:26415", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26415", "title": "[SECURITY] [DSA 2241-1] qemu-kvm security update", "type": "securityvulns", "cvss": {"score": 7.4, "vector": 
"AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0029"], "description": "Buffer overflow in network card emulation.", "edition": 1, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "SECURITYVULNS:VULN:12172", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12172", "title": "QEMU buffer overflow", "type": "securityvulns", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}