Multiple heap-based buffer overflows in the virtio-blk...
High severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 10, 2023
Description
Published by the National Vulnerability Database
Jun 21, 2012
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Feb 10, 2023
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
References