CVE-2011-3346

Publication date 1 April 2014

Last updated 4 August 2025


Ubuntu priority

Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.


Status

Package    Ubuntu Release     Status
xen        12.10 quantal      Not affected
xen        12.04 LTS precise  Not affected
xen        11.10 oneiric      Not affected
xen        11.04 natty        Not in release
xen        10.10 maverick     Not in release
xen        10.04 LTS lucid    Not in release
xen        8.04 LTS hardy     Not in release
xen-3.2    12.10 quantal      Not in release
xen-3.2    12.04 LTS precise  Not in release
xen-3.2    11.10 oneiric      Not in release
xen-3.2    11.04 natty        Not in release
xen-3.2    10.04 LTS lucid    Not in release
xen-3.2    8.04 LTS hardy     Not affected
qemu-kvm   12.10 quantal      Not affected
qemu-kvm   12.04 LTS precise  Not affected
qemu-kvm   11.10 oneiric      Not affected
qemu-kvm   11.04 natty        Not affected
qemu-kvm   10.10 maverick     Not affected
qemu-kvm   10.04 LTS lucid    Not affected
qemu-kvm   8.04 LTS hardy     Not in release
xen-3.1    12.10 quantal      Not in release
xen-3.1    12.04 LTS precise  Not in release
xen-3.1    11.10 oneiric      Not in release
xen-3.1    11.04 natty        Not in release
xen-3.1    10.04 LTS lucid    Not in release
xen-3.1    8.04 LTS hardy     Ignored end of life
xen-3.3    12.10 quantal      Not in release
xen-3.3    12.04 LTS precise  Not in release
xen-3.3    11.10 oneiric      Not in release
xen-3.3    11.04 natty        Ignored end of life
xen-3.3    10.10 maverick     Ignored end of life
xen-3.3    10.04 LTS lucid    Not affected
xen-3.3    8.04 LTS hardy     Not in release

Notes


jdstrand

redhat bug has reproducer

non-privileged user in the guest can crash qemu. Requires write access to a scsi device, eg /dev/sr0

this only affected the RedHat xen packages, not qemu. Verified issue does not affect qemu-kvm on Ubuntu 12.04, 11.10, 11.04, 10.10, and 10.04 LTS by attaching a scsi CDROM and performing:

    sg_raw -r 32768 /dev/sr0 9E 10 00 00 00 00 00 00 00 00 00 04 00 00 00 00
    sg_raw -r 32768 /dev/sr0 9E 10 00 00 00 00 00 00 00 00 00 01 00 00 00 00

hypervisor code for xen is in universe
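Added example, not part of the notes above and not QEMU or Xen code: a minimal C sketch of how a device emulator can decode the 16-byte CDB used in the verification commands and bound the READ CAPACITY(16) reply by its own buffer rather than by the guest-supplied allocation length. The function names are hypothetical; the field offsets (opcode in byte 0, service action in byte 1, allocation length in bytes 10 to 13, 32-byte reply) follow the standard SCSI block command layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SERVICE_ACTION_IN_16 0x9E  /* opcode, CDB byte 0 */
#define SAI_READ_CAPACITY_16 0x10  /* service action, low 5 bits of CDB byte 1 */
#define READ_CAP16_DATA_LEN  32    /* size of READ CAPACITY(16) parameter data */

/* Allocation length: CDB bytes 10..13, big-endian, fully guest-controlled. */
uint32_t cdb_alloc_len(const uint8_t cdb[16])
{
    return ((uint32_t)cdb[10] << 24) | ((uint32_t)cdb[11] << 16) |
           ((uint32_t)cdb[12] << 8) | cdb[13];
}

/* Hypothetical emulation handler: writes the reply into out (out_cap bytes)
 * and returns the number of bytes written, or -1 for any other command. */
int emulate_read_capacity16(const uint8_t cdb[16], uint64_t last_lba,
                            uint32_t block_size, uint8_t *out, size_t out_cap)
{
    uint8_t data[READ_CAP16_DATA_LEN] = {0};
    size_t n = cdb_alloc_len(cdb);
    int i;

    if (cdb[0] != SERVICE_ACTION_IN_16 || (cdb[1] & 0x1f) != SAI_READ_CAPACITY_16)
        return -1;
    for (i = 0; i < 8; i++)   /* bytes 0..7: last logical block address */
        data[i] = (uint8_t)(last_lba >> (56 - 8 * i));
    for (i = 0; i < 4; i++)   /* bytes 8..11: block length in bytes */
        data[8 + i] = (uint8_t)(block_size >> (24 - 8 * i));
    /* Clamp to the reply size and to the buffer; never trust the CDB length. */
    if (n > sizeof(data)) n = sizeof(data);
    if (n > out_cap) n = out_cap;
    memcpy(out, data, n);
    return (int)n;
}

int main(void)
{
    /* First CDB from the note above; disk geometry values are constructed. */
    const uint8_t cdb[16] = {0x9E, 0x10, 0, 0, 0, 0, 0, 0, 0, 0,
                             0x00, 0x04, 0x00, 0x00, 0, 0};
    uint8_t out[64];
    printf("requested %u, written %d\n", (unsigned)cdb_alloc_len(cdb),
           emulate_read_capacity16(cdb, 0x3FFFF, 2048, out, sizeof(out)));
    return 0;
}
```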


mdeslaur

code seems different in xen, marking as not-affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
xen
qemu-kvm
xen-3.3