CVE-2010-0298

Name of the Vulnerable Software and Affected Versions KVM version 83

Description The issue concerns the x86 emulator in KVM, which fails to properly use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) when determining memory access for CPL3 code. This allows users of the guest OS to potentially cause a denial of service, resulting in a guest OS crash, or gain privileges on the guest OS. The exploitation can occur through access to either an IO port or an MMIO region.

Recommendations For KVM version 83, update to a version that includes the necessary fixes to properly handle CPL and IOPL for memory access.