CVE-2010-0298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0298): The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.
CVE-2010-0306 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0306): The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
CVE-2010-0309 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0309): The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.
CVE-2010-0419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0419): The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
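The common root of CVE-2010-0298 and CVE-2010-0306 is an instruction emulator that completes guest instructions without consulting CPL and IOPL. The following is an added, constructed model of the checks such an emulator has to apply (it is not KVM's code and the names INSN_PRIV, INSN_IO, vcpu_state and check are assumptions): privileged instructions need CPL 0, and port I/O from CPL > IOPL is gated by the TSS I/O permission bitmap, with a failed check meaning #GP(0) is injected into the guest instead of executing the instruction.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed model, not KVM's emulator: the x86 privilege rules a guest
 * instruction emulator must apply before completing an instruction. */
#define INSN_PRIV (1u << 0) /* needs CPL 0, e.g. MOV to CR3, HLT, LGDT   */
#define INSN_IO   (1u << 1) /* touches an I/O port, e.g. IN/OUT/INS/OUTS */

struct vcpu_state {
    unsigned cpl;       /* current privilege level of the executing code */
    unsigned iopl;      /* EFLAGS.IOPL                                   */
    uint8_t iopb[8192]; /* TSS I/O permission bitmap: set bit = denied   */
};

/* I/O rule: CPL <= IOPL allows any port; otherwise every byte of the
 * accessed range must have a clear bit in the TSS I/O bitmap. */
bool io_permitted(const struct vcpu_state *v, uint16_t port, unsigned len)
{
    if (v->cpl <= v->iopl)
        return true;
    for (unsigned p = port; p < (unsigned)port + len; p++)
        if (p > 0xFFFF || (v->iopb[p / 8] & (1u << (p % 8))))
            return false;
    return true;
}

/* true: run the instruction; false: inject #GP(0) into the guest. */
bool emulator_may_execute(const struct vcpu_state *v, unsigned flags,
                          uint16_t port, unsigned len)
{
    if ((flags & INSN_PRIV) && v->cpl != 0)
        return false;
    if ((flags & INSN_IO) && !io_permitted(v, port, len))
        return false;
    return true;
}

/* Build a vCPU state and run one check; denied_port < 0 leaves the bitmap clear. */
bool check(unsigned cpl, unsigned iopl, int denied_port, unsigned flags,
           uint16_t port, unsigned len)
{
    struct vcpu_state v;
    memset(&v, 0, sizeof v);
    v.cpl = cpl;
    v.iopl = iopl;
    if (denied_port >= 0)
        v.iopb[denied_port / 8] |= (uint8_t)(1u << (denied_port % 8));
    return emulator_may_execute(&v, flags, port, len);
}
```

An emulator that returns true unconditionally here is the behaviour the two CVE entries describe: ring-3 guest code reaching instructions and ports that the guest kernel's IOPL and bitmap settings were meant to deny.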
Gentoo doesn't have or support the kvm series, which went up to 88 before they switched to qemu-kvm. So none of these should affect anything with regard to qemu-kvm. However, the kernel flaw affects kvm-kmod and sys-kernel/*
Ping security... kvm-kmod isn't vulnerable any longer, as the only versions affected are already gone.
GLSA request filed.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0435 The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.
I would say everyone should upgrade to app-emulation/kvm-kmod-2.6.32.27 or app-emulation/kvm-kmod-2.6.35 and newer. Same being said for kernel versions. That will make sure everyone's fixed from all these CVEs.
(In reply to comment #5)
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0435
>
> The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization
> (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest
> OS users to cause a denial of service (NULL pointer dereference and host OS
> crash) via vectors related to instruction emulation.

Hi, Doug. Please do not add new issues to existing bugs. This bug is largely done while we wait to publish a GLSA. CVE-2010-0435 looks to have been handled in Bug 335872.
Well this ticket has nothing to do with qemu-kvm. It only has issues with the kernel modules as I noted a year ago. app-emulation/qemu-kvm was never vulnerable to these issues. app-emulation/kvm which had these issues was never in the tree in the affected version. So you're about to write a completely factually incorrect GLSA. However, you did mix CVEs for two different products here. So you should really separate them into qemu-kvm/kvm and kernel since you again mixed CVEs in bug #335872. To be clear, Gentoo did carry affected kernels BUT Gentoo did not carry affected userspace components.
(In reply to comment #8)
> Well this ticket has nothing to do with qemu-kvm. It only has issues with the
> kernel modules as I noted a year ago.
>
> app-emulation/qemu-kvm was never vulnerable to these issues.
> app-emulation/kvm which had these issues was never in the tree in the affected
> version.
>
> So you're about to write a completely factually incorrect GLSA.
>
> However, you did mix CVEs for two different products here. So you should really
> separate them into qemu-kvm/kvm and kernel since you again mixed CVEs in bug
> #335872.
>
> To be clear, Gentoo did carry affected kernels BUT Gentoo did not carry
> affected userspace components.

Hi, Doug. Thank you for keeping us honest. Do I understand correctly that these four vulnerabilities, CVE-2010-{0298,0306,0309,0419}, really apply to app-emulation/kvm-kmod and *not* in any way to app-emulation/qemu-kvm? You refer to bug 335872; does that bug list the correct packages? Thanks again.
This only affects the Kernel part. Closing INVALID.