Description
It was found that the virtio subsystem in qemu-kvm did not properly
validate virtqueue in and out requests from the guest. A privileged guest
user could use this flaw to trigger a buffer overflow, allowing them to
crash the guest (denial of service) or, possibly, escalate their privileges
on the host. (CVE-2011-2212)
It was found that the virtio_queue_notify() function in qemu-kvm did not
perform sufficient input validation on the value later used as an index
into the array of virtqueues. An unprivileged guest user could use this
flaw to crash the guest (denial of service) or, possibly, escalate their
privileges on the host. (CVE-2011-2512)