Detections
Analytics

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.209.AXS4.4 (AXSA:2012-478:01)

critical Nessus Plugin ID 284204

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-478:01 advisory.

 KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware.
 Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
 Security issues fixed with this release:
 CVE-2011-2527 CVE-2011-4111 No information available at the time of writing, see the CVE link below.
 CVE-2012-0029 Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
 No information available at the time of writing, see the CVE link below.
 Fixed bugs:
 qemu-kvm scsi option can be used along the device option. Previously, when set to off, it did not disable the scsi feature but just hid the feature bit, allowing for malicious users to ignore the feature bit and issue a request. This scsi=off option can be used to mitigate the virtualization aspect of CVE-2011-4127 before installing the kernel from <A HREF=http://www.asianux.com/tsn_hq/index.php?m=errata&a=detail&eid=2720&sType... AXSA:2012-228:02</A>. If it is already installed, you can skip changing the scsi option.Other wise run the guests by invoking /usr/libexec/qemu-kvm directly and use the -global virtio-blk-pci.scsi=off option to apply the mitigation.
 Enhancement:
 qemu-kvm is now built with full RELRO and PIE support.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected qemu-img, qemu-kvm and / or qemu-kvm-tools packages.

See Also

https://tsn.miraclelinux.com/en/node/2973

Plugin Details

Severity: Critical

ID: 284204

File Name: miracle_linux_AXSA-2012-478.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.4

Temporal Score: 5.5

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2012-0029

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:qemu-kvm-tools, p-cpe:/a:miracle:linux:qemu-kvm, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:qemu-img

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/12/2012

Vulnerability Publication Date: 7/12/2011

Reference Information

CVE: CVE-2011-2527, CVE-2011-4111, CVE-2012-0029