Security Information / 2011 / Security Information -- DSA-2241-1 qemu-kvm

Debian Security Advisory

DSA-2241-1 qemu-kvm -- implementation error

Date Reported:

24 May 2011

Affected Packages:

qemu-kvm

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-1751.

More information:

Nelson Elhage discovered that incorrect memory handling during the removal of ISA devices in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your qemu-kvm packages.