DSA-2282-1 qemu-kvm -- severalID: oval:org.secpod.oval:def:600597 | Date: (C)2011-07-29 (M)2023-02-20 |
Class: PATCH | Family: unix |
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2527 Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation.