QEMU KVM 'virtio-blk' Driver Local Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/47546

Security Info

Bugtraq ID:	47546
Class:	Boundary Condition Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 22 2011 12:00AM
Updated:	Apr 22 2011 12:00AM
Credit:	Christoph Hellwig
Vulnerable:	QEMU QEMU 0 Linux kernel 2.6.31 Linux kernel 2.6.30 .10 Linux kernel 2.6.30 .1 Linux kernel 2.6.30 -rc6 Linux kernel 2.6.30 -rc5 Linux kernel 2.6.30 -rc3 Linux kernel 2.6.30 -rc2 Linux kernel 2.6.30 -rc1 Linux kernel 2.6.30 Linux kernel 2.6.29 .4 Linux kernel 2.6.29 .1 Linux kernel 2.6.29 -git8 Linux kernel 2.6.29 -git14 Linux kernel 2.6.29 -git1 Linux kernel 2.6.29 Linux kernel 2.6.28 .9 Linux kernel 2.6.28 .8 Linux kernel 2.6.28 .6 Linux kernel 2.6.28 .5 Linux kernel 2.6.28 .3 Linux kernel 2.6.28 .2 Linux kernel 2.6.28 .1 Linux kernel 2.6.28 -rc7 Linux kernel 2.6.28 -rc5 Linux kernel 2.6.28 -rc1 Linux kernel 2.6.28 -git7 Linux kernel 2.6.28 Linux kernel 2.6.27 6 Linux kernel 2.6.27 3 Linux kernel 2.6.27 12 Linux kernel 2.6.27 .8 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 .46 Linux kernel 2.6.27 .24 Linux kernel 2.6.27 .14 Linux kernel 2.6.27 .13 Linux kernel 2.6.27 .12 Linux kernel 2.6.27 -rc8-git5 Linux kernel 2.6.27 -rc8 Linux kernel 2.6.27 -rc6-git6 Linux kernel 2.6.27 -rc6 Linux kernel 2.6.27 -rc5 Linux kernel 2.6.27 -rc4 Linux kernel 2.6.27 -rc2 Linux kernel 2.6.27 -rc1 Linux kernel 2.6.27 Linux kernel 2.6.26 7 Linux kernel 2.6.26 .6 Linux kernel 2.6.26 .4 Linux kernel 2.6.26 .3 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.26 Linux kernel 2.6.25 19 Linux kernel 2.6.25 .9 Linux kernel 2.6.25 .8 Linux kernel 2.6.25 .7 Linux kernel 2.6.25 .6 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 .15 Linux kernel 2.6.25 .13 Linux kernel 2.6.25 .12 Linux kernel 2.6.25 .11 Linux kernel 2.6.25 .10 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel 2.6.24 -rc3 Linux kernel 2.6.24 -git13 Linux kernel 2.6.24 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 -rc2 Linux kernel 2.6.23 -rc1 Linux kernel 2.6.23 Linux kernel 2.6.23 Linux kernel 2.6.22 rc6 Linux kernel 2.6.22 .8 Linux kernel 2.6.22 .7 Linux kernel 2.6.22 .7 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .2 Linux kernel 2.6.22 .17 Linux kernel 2.6.22 .16 Linux kernel 2.6.22 .15 Linux kernel 2.6.22 .14 Linux kernel 2.6.22 .13 Linux kernel 2.6.22 .12 Linux kernel 2.6.22 .11 Linux kernel 2.6.22 .1 Linux kernel 2.6.22 Linux kernel 2.6.22 Linux kernel 2.6.21 rc7 Linux kernel 2.6.21 git5 Linux kernel 2.6.21 git4 Linux kernel 2.6.21 git3 Linux kernel 2.6.21 git2 Linux kernel 2.6.21 git1 Linux kernel 2.6.21 git 7 Linux kernel 2.6.21 git 6 Linux kernel 2.6.21 4 Linux kernel 2.6.21 .7 Linux kernel 2.6.21 .6 Linux kernel 2.6.21 .3 Linux kernel 2.6.21 .2 Linux kernel 2.6.21 .1 Linux kernel 2.6.21 -git8 Linux kernel 2.6.21 Linux kernel 2.6.20 .9 Linux kernel 2.6.20 .8 Linux kernel 2.6.20 .7 Linux kernel 2.6.20 .6 Linux kernel 2.6.20 .5 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .15 Linux kernel 2.6.20 .14 Linux kernel 2.6.20 .12 Linux kernel 2.6.20 .10 Linux kernel 2.6.20 .1 Linux kernel 2.6.3 rc4 Linux kernel 2.6.3 rc3 Linux kernel 2.6.3 rc2 Linux kernel 2.6.3 rc1 Linux kernel 2.6.3 Linux kernel 2.6.3 Linux kernel 2.6.30.5 Linux kernel 2.6.30.4 Linux kernel 2.6.30.3 Linux kernel 2.6.29-rc2-git1 Linux kernel 2.6.29-rc2 Linux kernel 2.6.29-rc1 Linux kernel 2.6.28.4 Linux kernel 2.6.28.10 Linux kernel 2.6.28-rc7 Linux kernel 2.6.28-rc6 Linux kernel 2.6.28-rc5 Linux kernel 2.6.28-rc5 Linux kernel 2.6.28-rc4 Linux kernel 2.6.27.54 Linux kernel 2.6.27.51 Linux kernel 2.6.27.49 Linux kernel 2.6.27.26 Linux kernel 2.6.27-git3 Linux kernel 2.6.26.1 Linux kernel 2.6.26-rc5-git1 Linux kernel 2.6.25.4 Linux kernel 2.6.25.3 Linux kernel 2.6.25.2 Linux kernel 2.6.25.1 Linux kernel 2.6.25-rc1 Linux kernel 2.6.24.6 Linux kernel 2.6.24.4 Linux kernel 2.6.24.3 Linux kernel 2.6.24-rc2 Linux kernel 2.6.24-rc1 Linux kernel 2.6.24 Rc3 Linux kernel 2.6.24 Rc2 Linux kernel 2.6.23.14 Linux kernel 2.6.23.10 Linux kernel 2.6.23.1 Linux kernel 2.6.23.1 Linux kernel 2.6.23.09 Linux kernel 2.6.23 Rc2 Linux kernel 2.6.22-rc7 Linux kernel 2.6.22-rc1 Linux kernel 2.6.21-RC6 Linux kernel 2.6.21-RC5 Linux kernel 2.6.21-RC4 Linux kernel 2.6.21-RC3 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2 Linux kernel 2.6.20.13 Linux kernel 2.6.20.11

Not Vulnerable:

Security Discussion

QEMU KVM is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges on the host operating system or crash the guest operating system.

Proof of Concept and Security Exploits

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security References(s)

References:

Vendor Homepage (QEMU)
virtio-blk: fail unaligned requests (virtio-blk:fail unalighned requests)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services