FKIE_CVE-2010-0297

Vulnerability from fkie_nvd - Published: 2010-02-12 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
References
secalert@redhat.comhttp://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
secalert@redhat.comhttp://marc.info/?l=oss-security&m=126510479211473&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=126527304127254&w=2
secalert@redhat.comhttp://wiki.qemu.org/ChangeLog
secalert@redhat.comhttp://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
secalert@redhat.comhttp://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
secalert@redhat.comhttp://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
secalert@redhat.comhttp://www.securityfocus.com/bid/38158
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=557025
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/56194
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2010-0088.html
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=126510479211473&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=126527304127254&w=2
af854a3a-2127-422b-91ae-364da2661108http://wiki.qemu.org/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html
af854a3a-2127-422b-91ae-364da2661108http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html
af854a3a-2127-422b-91ae-364da2661108http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38158
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=557025
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/56194
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2010-0088.html
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 0.1.0
qemu qemu 0.1.1
qemu qemu 0.1.2
qemu qemu 0.1.3
qemu qemu 0.1.4
qemu qemu 0.1.5
qemu qemu 0.1.6
qemu qemu 0.2.0
qemu qemu 0.3.0
qemu qemu 0.4.0
qemu qemu 0.4.1
qemu qemu 0.4.2
qemu qemu 0.4.3
qemu qemu 0.5.0
qemu qemu 0.5.1
qemu qemu 0.5.2
qemu qemu 0.5.3
qemu qemu 0.5.4
qemu qemu 0.5.5
qemu qemu 0.6.0
qemu qemu 0.6.1
qemu qemu 0.7.0
qemu qemu 0.7.1
qemu qemu 0.7.2
qemu qemu 0.8.0
qemu qemu 0.8.1
qemu qemu 0.8.2
qemu qemu 0.9.0
qemu qemu 0.9.1
qemu qemu 0.9.1-5
qemu qemu 0.10.0
qemu qemu 0.10.1
qemu qemu 0.10.2
qemu qemu 0.10.3
qemu qemu 0.10.4
qemu qemu 0.10.5
qemu qemu 0.10.6
qemu qemu 0.11.0-rc0
qemu qemu 0.11.0-rc1
qemu qemu 0.11.0-rc2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC82C230-B8CA-478D-A8F1-E94172B37664",
              "versionEndIncluding": "0.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n  usb_host_handle_control en la implementaci\u00f3n del manejo a trav\u00e9s de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue del sistema) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un paquete USB manipulado."
    }
  ],
  "id": "CVE-2010-0297",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-12T19:30:00.503",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=126510479211473\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=126527304127254\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.qemu.org/ChangeLog"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/38158"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=557025"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=126510479211473\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=126527304127254\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.qemu.org/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=557025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.