Upstream information

CVE-2010-0297 at MITRE

Description

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

National Vulnerability Database:

Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Note from the SUSE Security Team

KVM virtualization is not present in SUSE Linux Enterprise 9 and SUSE Linux Enterprise 10, so neither of them is affected by this issue.

SUSE Bugzilla entry: 569233 [RESOLVED / WONTFIX]

No SUSE Security Announcements cross referenced.