Summary: | app-emulation/{kvm-kmod,qemu-kvm}: multiple vulnerabilities (CVE-2010-{0431,0435,2784}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | jaak, qemu+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=568809 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2010-09-03 20:54:36 UTC
CVE-2010-0435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0435): The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.

CVE-2010-2784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2784): The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

On a quick look at the referenced links, this seems to be all about kvm-83. If that's true, that version is no longer in the tree.

Yeah this has long been out of the Gentoo tree. Those versions were also never stable.

Thanks for looking into it.