Published: 12/02/2010 Updated: 19/09/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Important: kvm security and bug fix update Type/Severity Security Advisory: Important Topic Updated kvm packages that fix multiple security issues and several bugs arenow available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Security R ...

Several local vulnerabilities have been discovered in kvm, a full virtualization system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0298 CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to de ...

Multiple flaws in the Linux kernel ...

KVM regressed under some conditions in the Linux kernel ...

CWE-264 http://www.securityfocus.com/bid/38158 https://bugzilla.redhat.com/show_bug.cgi?id=559091 https://rhn.redhat.com/errata/RHSA-2010-0095.html https://rhn.redhat.com/errata/RHSA-2010-0088.html http://www.debian.org/security/2010/dsa-1996 http://secunia.com/advisories/38492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11335 https://access.redhat.com/errata/RHSA-2010:0088 https://nvd.nist.gov https://usn.ubuntu.com/947-1/https://www.debian.org/security/./dsa-2010

CVE-2010-0298

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect