5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.6%
The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly
validate the virtqueue number, which allows guest users to cause a denial
of service (guest crash) and possibly execute arbitrary code via a negative
number in the Queue Notify field of the Virtio Header, which bypasses a
signed comparison.