PT-2010-2196 · Red Hat · Red Hat Enterprise Virtualization+4

Published: 2010-08-19 · Updated: 2010-08-25 · CVE-2010-0428

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libspice versions as used in QEMU-KVM in Red Hat Enterprise Virtualization (RHEV) 2.2
qspice version 0.3.0

Description

The issue is related to the improper validation of guest QXL driver pointers in libspice, which can lead to a denial of service due to an invalid pointer dereference, causing the guest OS to crash. It is also possible for attackers to gain privileges via unspecified vectors.

Recommendations

For libspice as used in QEMU-KVM in Red Hat Enterprise Virtualization (RHEV) 2.2, update to a version that properly validates guest QXL driver pointers. For qspice version 0.3.0, update to a version that properly validates guest QXL driver pointers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-0428
RHSA-2010:0622
RHSA-2010:0633
RHSA-2010_0633

Affected Products

Qemu-Kvm
Red Hat
Red Hat Enterprise Virtualization
Libspice
Qspice