What is the severity of CVE-2010-0297?

CVE-2010-0297 has a severity level that can lead to denial of service or potential remote code execution.

How do I fix CVE-2010-0297?

To fix CVE-2010-0297, upgrade QEMU to version 0.11.1 or later.

What versions of QEMU are affected by CVE-2010-0297?

CVE-2010-0297 affects QEMU versions prior to 0.11.1, including 0.1.0 to 0.11.0-rc1.

What types of attacks can exploit CVE-2010-0297?

CVE-2010-0297 can be exploited through crafted USB packets resulting in guest OS crashes or arbitrary code execution.

Who is affected by CVE-2010-0297?

Users running vulnerable versions of QEMU are at risk of CVE-2010-0297.

Vulnerability/
CVE-2010-0297

high

7.2

CWE

119

20/1/2010

12/2/2010

7/8/2024

CVE-2010-0297: Buffer Overflow

First published: Wed Jan 20 2010(Updated: )

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
QEMU KVM	=0.1.6
QEMU KVM	=0.5.3
QEMU KVM	=0.4.2
QEMU KVM	=0.10.3
QEMU KVM	=0.11.0-rc1
QEMU KVM	=0.1.5
QEMU KVM	=0.5.1
QEMU KVM	=0.8.2
QEMU KVM	=0.5.5
QEMU KVM	=0.10.1
QEMU KVM	=0.9.0
QEMU KVM	=0.7.2
QEMU KVM	=0.1.3
QEMU KVM	=0.7.1
QEMU KVM	=0.9.1-5
QEMU KVM	=0.5.0
QEMU KVM	=0.8.1
QEMU KVM	=0.11.0-rc2
QEMU KVM	=0.10.0
QEMU KVM	=0.4.1
QEMU KVM	<=0.11.0
QEMU KVM	=0.5.2
QEMU KVM	=0.1.1
QEMU KVM	=0.7.0
QEMU KVM	=0.1.4
QEMU KVM	=0.9.1
QEMU KVM	=0.6.0
QEMU KVM	=0.6.1
QEMU KVM	=0.10.6
QEMU KVM	=0.11.0-rc0
QEMU KVM	=0.4.3
QEMU KVM	=0.1.2
QEMU KVM	=0.5.4
QEMU KVM	=0.10.5
QEMU KVM	=0.10.4
QEMU KVM	=0.10.2
QEMU KVM	=0.8.0
QEMU KVM	=0.1.0
QEMU KVM	=0.2.0
QEMU KVM	=0.3.0
QEMU KVM	=0.4.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0297?
CVE-2010-0297 has a severity level that can lead to denial of service or potential remote code execution.
How do I fix CVE-2010-0297?
To fix CVE-2010-0297, upgrade QEMU to version 0.11.1 or later.
What versions of QEMU are affected by CVE-2010-0297?
CVE-2010-0297 affects QEMU versions prior to 0.11.1, including 0.1.0 to 0.11.0-rc1.
What types of attacks can exploit CVE-2010-0297?
CVE-2010-0297 can be exploited through crafted USB packets resulting in guest OS crashes or arbitrary code execution.
Who is affected by CVE-2010-0297?
Users running vulnerable versions of QEMU are at risk of CVE-2010-0297.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-0297
agent/references
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/qemu
canonical/qemu kvm
version/qemu kvm/0.1.6
version/qemu kvm/0.5.3
version/qemu kvm/0.4.2
version/qemu kvm/0.10.3
version/qemu kvm/0.11.0-rc1
version/qemu kvm/0.1.5
version/qemu kvm/0.5.1
version/qemu kvm/0.8.2
version/qemu kvm/0.5.5
version/qemu kvm/0.10.1
version/qemu kvm/0.9.0
version/qemu kvm/0.7.2
version/qemu kvm/0.1.3
version/qemu kvm/0.7.1
version/qemu kvm/0.9.1-5
version/qemu kvm/0.5.0
version/qemu kvm/0.8.1
version/qemu kvm/0.11.0-rc2
version/qemu kvm/0.10.0
version/qemu kvm/0.4.1
version/qemu kvm/0.11.0
version/qemu kvm/0.5.2
version/qemu kvm/0.1.1
version/qemu kvm/0.7.0
version/qemu kvm/0.1.4
version/qemu kvm/0.9.1
version/qemu kvm/0.6.0
version/qemu kvm/0.6.1
version/qemu kvm/0.10.6
version/qemu kvm/0.11.0-rc0
version/qemu kvm/0.4.3
version/qemu kvm/0.1.2
version/qemu kvm/0.5.4
version/qemu kvm/0.10.5
version/qemu kvm/0.10.4
version/qemu kvm/0.10.2
version/qemu kvm/0.8.0
version/qemu kvm/0.1.0
version/qemu kvm/0.2.0
version/qemu kvm/0.3.0
version/qemu kvm/0.4.0