
kvm: denial of service

Package(s): kvm
CVE #(s): CVE-2010-0431 CVE-2010-0435 CVE-2010-2784
Created: August 20, 2010
Updated: March 3, 2011
Description: From the Red Hat advisory:

It was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)

A flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)

A NULL pointer dereference flaw was found when the host system had a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service). (CVE-2010-0435)

Alerts:
Oracle ELSA-2013-1645 kernel 2013-11-26
Ubuntu USN-1083-1 linux-lts-backport-maverick 2011-03-03
Ubuntu USN-1073-1 linux, linux-ec2 2011-02-25
Ubuntu USN-1072-1 linux 2011-02-25
Ubuntu USN-1054-1 linux, linux-ec2 2011-02-01
Debian DSA-2153-1 linux-2.6 kernel 2011-01-30
openSUSE openSUSE-SU-2011:0004-1 kernel 2011-01-03
CentOS CESA-2010:0627 kvm 2010-08-27
Red Hat RHSA-2010:0627-01 kvm 2010-08-19



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds