Upstream information

CVE-2010-0297 at MITRE

Description

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
National Vulnerability Database:
  Base Score: 7.2
  Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
  Access Vector: Local
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete

Note from the SUSE Security Team

KVM virtualization is not present in SUSE Linux Enterprise 9 and SUSE Linux Enterprise 10, so neither of them is affected by this issue.

SUSE Bugzilla entry: 569233 [RESOLVED / WONTFIX]

No SUSE Security Announcements cross referenced.