RHSA-2016:1585-01 -- Redhat qemu-kvm, qemu-guest-agentID: oval:org.secpod.oval:def:501859 | Date: (C)2016-08-16 (M)2023-12-20 |
Class: PATCH | Family: unix |
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. Red Hat would like to thank hongzhenhao for reporting this issue.
Platform: |
Red Hat Enterprise Linux 6 |
Product: |
qemu-kvm |
qemu-guest-agent |