| Revision Date: | 2013-04-29 | Version: | 12 | | Title: | The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. | | Description: | The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2010-0306
| | Platform(s): | CentOS Linux 5
Oracle Linux 5
Red Hat Enterprise Linux 5
| Product(s): | | | Definition Synopsis | | RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5
OR The operating system installed on the system is CentOS Linux 5.x
OR Oracle Linux 5.x
AND Configuration section
kmod-kvm is earlier than 0:83-105.el5_4.22
OR kvm-qemu-img is earlier than 0:83-105.el5_4.22
OR kvm-tools is earlier than 0:83-105.el5_4.22
OR kvm is earlier than 0:83-105.el5_4.22
|
|