Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.1
CVSSv2

CVE-2010-0306

Published: 12/02/2010 Updated: 19/09/2017
CVSS v2 Base Score: 4.1 | Impact Score: 6.4 | Exploitability Score: 2.7
VMScore: 365
Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P
Subscribe to Kvm

Vulnerability Summary

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.

Vulnerable Product Search on Vulmon Subscribe to Product

kvm qumranet kvm 83

Vendor Advisories

Red Hat: Important: kvm security and bug fix update
Synopsis Important: kvm security and bug fix update Type/Severity Security Advisory: Important Topic Updated kvm packages that fix multiple security issues and several bugs arenow available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Security R ...
Debian Security Advisories: DSA-2010-1 kvm -- privilege escalation/denial of service
Several local vulnerabilities have been discovered in kvm, a full virtualization system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0298 CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to de ...
Ubuntu Security Notice: linux, linux-source-2.6.15 vulnerabilities
Multiple flaws in the Linux kernel ...
Ubuntu Security Notice: linux regression
KVM regressed under some conditions in the Linux kernel ...

References

CWE-264http://secunia.com/advisories/38499https://rhn.redhat.com/errata/RHSA-2010-0095.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0088.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=560654http://www.securityfocus.com/bid/38158http://www.debian.org/security/2010/dsa-1996http://secunia.com/advisories/38492https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953https://access.redhat.com/errata/RHSA-2010:0088https://nvd.nist.govhttps://usn.ubuntu.com/947-1/https://www.debian.org/security/./dsa-2010
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook