Vulnerability Details : CVE-2011-3346
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2011-3346
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*
Threat overview for CVE-2011-3346
[Figure: top countries where our scanners detected CVE-2011-3346]
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2011-3346: 16,886
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-3346
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~45% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-3346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:L/AC:H/Au:N/C:N/I:N/A:C | 1.9 | 6.9 | NIST | |
CWE ids for CVE-2011-3346
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3346
- https://github.com/bonzini/qemu/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a
  scsi-disk: commonize iovec creation between reads and writes · bonzini/qemu@103b40f · GitHub (Exploit; Patch)
- http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
  git.qemu.org Git
- https://bugzilla.redhat.com/show_bug.cgi?id=736038
  736038 – (CVE-2011-3346) CVE-2011-3346 qemu: local DoS with SCSI CD-ROM
- https://github.com/bonzini/qemu/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
  scsi-disk: lazily allocate bounce buffer · bonzini/qemu@7285477 · GitHub (Exploit; Patch)
- http://www.redhat.com/support/errata/RHSA-2011-1401.html
  Support
- http://www.openwall.com/lists/oss-security/2011/10/20/2
  oss-security - qemu: CVE-2011-3346