Rapid7 Vulnerability & Exploit Database

RHSA-2011:0919: qemu-kvm security and bug fix update




KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest user could use this flaw to trigger a buffer overflow, allowing them to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2011-2212)

It was found that the virtio_queue_notify() function in qemu-kvm did not perform sufficient input validation on the value later used as an index into the array of virtqueues. An unprivileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2011-2512)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.

This update also fixes the following bug:

All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.


  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools
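
The missing index validation described above for CVE-2011-2512, modelled in C as an added example. This is not QEMU or Red Hat code: every name (`demo_device`, `demo_notify_checked`, `DEMO_QUEUE_MAX`) and the queue limit of 64 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not QEMU source: every name and the limit of 64 are hypothetical. */
#define DEMO_QUEUE_MAX 64

struct demo_queue {
    void (*handle_output)(struct demo_queue *q); /* NULL while the queue is unused */
    unsigned notified;                            /* notifications dispatched */
};
struct demo_device { struct demo_queue vq[DEMO_QUEUE_MAX]; };

static void demo_handle_output(struct demo_queue *q) { q->notified++; }

/* Flawed pattern, for contrast only (never called here): the guest-supplied
 * value indexes vq[] with no range check, so an out-of-range n makes the host
 * read, and possibly call, a function pointer from memory outside the array. */
void demo_notify_unchecked(struct demo_device *dev, int n)
{
    if (dev->vq[n].handle_output)
        dev->vq[n].handle_output(&dev->vq[n]);
}

/* Hardened pattern: unsigned index, rejected before any array access.
 * Returns 0 when the notification was dispatched, -1 when it was ignored. */
int demo_notify_checked(struct demo_device *dev, uint32_t n)
{
    if (n >= DEMO_QUEUE_MAX)
        return -1;                      /* outside vq[] */
    if (dev->vq[n].handle_output == NULL)
        return -1;                      /* queue never set up */
    dev->vq[n].handle_output(&dev->vq[n]);
    return 0;
}

/* Constructed input: one configured queue, then in-range and out-of-range
 * guest values. Returns how many notifications were ignored. */
int demo_run(void)
{
    struct demo_device dev = {0};
    const uint32_t guest_values[] = { 0, 1, 63, 64, 0xFFFFFFFFu };
    int ignored = 0;
    dev.vq[0].handle_output = demo_handle_output;
    for (size_t i = 0; i < sizeof guest_values / sizeof guest_values[0]; i++)
        if (demo_notify_checked(&dev, guest_values[i]) != 0)
            ignored++;
    return ignored;
}

int main(void) { return demo_run() == 4 ? 0 : 1; }
```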
