PT-2010-2198 · Red Hat · Qemu-Kvm +3

Izik Eidus +1 · Published 2010-08-19 · Updated 2010-08-25 · CVE-2010-0431

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Virtualization (RHEV) version 2.2
KVM version 83

Description

The issue is in the QEMU-KVM component of the hypervisor, which does not properly validate guest QXL driver pointers. This can allow guest OS users to cause a denial of service through an invalid pointer dereference that crashes the guest OS. It is also possible for attackers to gain privileges via unspecified vectors.

Recommendations

For Red Hat Enterprise Virtualization (RHEV) version 2.2, update the QEMU-KVM component to a version that properly validates guest QXL driver pointers. For KVM version 83, update the QEMU-KVM component to a version that properly validates guest QXL driver pointers.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-0431
RHSA-2010:0622
RHSA-2010:0627
RHSA-2010_0627

Affected Products

Kvm
Qemu-Kvm
Red Hat
Red Hat Enterprise Virtualization