CVE-2010-0297

Published: Feb 12, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

Affected (41)

Products: Qemu: Qemu

1 product

Configuration A

41 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 0.11.0
Qemu Qemu	Version 0.1.0
Qemu Qemu	Version 0.1.1
Qemu Qemu	Version 0.1.2
Qemu Qemu	Version 0.1.3
Qemu Qemu	Version 0.1.4
Qemu Qemu	Version 0.1.5
Qemu Qemu	Version 0.1.6
Qemu Qemu	Version 0.10.0
Qemu Qemu	Version 0.10.1
Qemu Qemu	Version 0.10.2
Qemu Qemu	Version 0.10.3
Qemu Qemu	Version 0.10.4
Qemu Qemu	Version 0.10.5
Qemu Qemu	Version 0.10.6
Qemu Qemu	Version 0.11.0-rc0
Qemu Qemu	Version 0.11.0-rc1
Qemu Qemu	Version 0.11.0-rc2
Qemu Qemu	Version 0.2.0
Qemu Qemu	Version 0.3.0
Qemu Qemu	Version 0.4.0
Qemu Qemu	Version 0.4.1
Qemu Qemu	Version 0.4.2
Qemu Qemu	Version 0.4.3
Qemu Qemu	Version 0.5.0
Qemu Qemu	Version 0.5.1
Qemu Qemu	Version 0.5.2
Qemu Qemu	Version 0.5.3
Qemu Qemu	Version 0.5.4
Qemu Qemu	Version 0.5.5
Qemu Qemu	Version 0.6.0
Qemu Qemu	Version 0.6.1
Qemu Qemu	Version 0.7.0
Qemu Qemu	Version 0.7.1
Qemu Qemu	Version 0.7.2
Qemu Qemu	Version 0.8.0
Qemu Qemu	Version 0.8.1
Qemu Qemu	Version 0.8.2
Qemu Qemu	Version 0.9.0
Qemu Qemu	Version 0.9.1-5
Qemu Qemu	Version 0.9.1

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (24)

http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=126510479211473&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=126527304127254&w=2

Source: secalert@redhat.com

http://wiki.qemu.org/ChangeLog

Source: secalert@redhat.com

http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html

Source: secalert@redhat.com

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html

Source: secalert@redhat.com

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/38158

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=557025

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/56194

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2010-0088.html

Source: secalert@redhat.com

http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=126510479211473&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=126527304127254&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.qemu.org/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/38158

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=557025

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/56194

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2010-0088.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.