PT-2010-2198 · Red Hat · Qemu-Kvm +3

Izik Eidus +1 · Published 2010-08-19 · Updated 2010-08-25 · CVE-2010-0431

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Virtualization (RHEV) version 2.2
KVM version 83

Description

The QEMU-KVM component in the hypervisor does not properly validate guest QXL driver pointers. This allows guest OS users to cause a denial of service (an invalid pointer dereference and a guest OS crash). It is also possible for attackers to gain privileges via unspecified vectors.

Recommendations

For Red Hat Enterprise Virtualization (RHEV) version 2.2, update the QEMU-KVM component to a version that properly validates guest QXL driver pointers. For KVM version 83, update the QEMU-KVM component to a version that properly validates guest QXL driver pointers.

Fix

DoS

RCE

Related identifiers

CVE-2010-0431
RHSA-2010:0622
RHSA-2010:0627
RHSA-2010_0627

Affected products

Kvm
Qemu-Kvm
Red Hat
Red Hat Enterprise Virtualization