CVE-2010-2784

Name of the Vulnerable Software and Affected Versions QEMU-KVM versions as used in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83

Description The issue is related to the subpage MMIO initialization functionality in the subpage register function in exec.c. This functionality does not properly select the index for access to the callback array. As a result, guest OS users can cause a denial of service, leading to a guest OS crash, or possibly gain privileges via unspecified vectors.

Recommendations For QEMU-KVM versions as used in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, consider restricting access to the subpage register function in exec.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.