kvm: multiple vulnerabilities

Package(s): kvm
CVE #(s): CVE-2010-0297, CVE-2010-0298, CVE-2010-0306, CVE-2010-0309
Created: February 9, 2010
Updated: June 4, 2010

Description:

From the Red Hat advisory:

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest
could leverage these flaws to cause a denial of service (guest crash) or
possibly escalate their privileges within that guest. (CVE-2010-0298,
CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation. Access
to the internal data structure pit_state, which represents the data state
of the emulated PIT, was not properly validated in the pit_ioport_read()
function. A privileged guest user could use this flaw to crash the host.
(CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A specially-crafted
USB packet sent from inside a guest could be used to trigger a buffer
overflow in the usb_host_handle_control() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
cause a denial of service (guest hang or crash) or possibly escalate their
privileges within the host. (CVE-2010-0297)