CVE Vulnerabilities

CVE-2010-2784

Published: Aug 24, 2010 | Modified: Aug 25, 2010
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.6 MEDIUM
AV:L/AC:M/Au:S/C:C/I:C/A:C
RedHat/V2
6.6 IMPORTANT
AV:L/AC:M/Au:S/C:C/I:C/A:C
RedHat/V3
Ubuntu

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Enterprise_virtualization Redhat 2.2 2.2
Kvm Redhat 83 83
Red Hat Enterprise Linux 5 RedHat kvm-0:83-164.el5_5.21 *
Red Hat Enterprise Virtualization for RHEL-5 RedHat rhev-hypervisor-0:5.5-2.2.6.1.el5_5rhev2_2 *
Kvm Ubuntu hardy *
Kvm Ubuntu jaunty *
Qemu-kvm Ubuntu devel *
Qemu-kvm Ubuntu karmic *
Qemu-kvm Ubuntu lucid *

References