CVE-2011-3346
Published: Apr 1, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log (x_refsource_CONFIRM)
- RHSA-2011:1401 (vendor-advisory, x_refsource_REDHAT)
- [oss-security] 20111020 qemu: CVE-2011-3346 (mailing-list, x_refsource_MLIST)
- https://bugzilla.redhat.com/show_bug.cgi?id=736038 (x_refsource_CONFIRM)