| Revision Date: | 2014-06-23 | Version: | 19 |
| Title: | DSA-2010 kvm -- privilege escalation/denial of service |
| Description: | Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to denial of service a guest or gain escalated privileges with the guest. Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. Paolo Bonzini found a bug in KVM that can be used to bypass proper permission checking while loading segment selectors. This potentially allows privileged guest users to execute privileged instructions on the host system. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2010-0298
CVE-2010-0306
CVE-2010-0309
CVE-2010-0419
DSA-2010
|
| Platform(s): | Debian GNU/Linux 5.0
| Product(s): | kvm
|
| Definition Synopsis |
| Debian GNU/Linux 5.0 is installed AND Architecture section
Architecture independent section
Installed architecture is all
AND kvm-source is earlier than 72+dfsg-5~lenny5
OR Architecture dependent section
Supported architectures section
Installed architecture is amd64
OR Installed architecture is i386
AND kvm is earlier than 72+dfsg-5~lenny5
|