| Vulnerability Name: | CVE-2010-0430 (CCN-90124) |
| Assigned: | 2010-03-30 |
| Published: | 2010-03-30 |
| Updated: | 2013-12-27 |
| Summary: | libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings. |
| CVSS v3 Severity: | 7.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)| Exploitability Metrics: | Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 7.4 High (CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C)
5.4 Medium (Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
7.4 High (CCN CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C)
5.4 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
6.6 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C)
4.9 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-119
|
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: CCN
Type: QEMU Web page
QEMU
Source: MITRE
Type: CNA
CVE-2010-0430
Source: REDHAT
Type: Vendor Advisory
RHSA-2010:0271
Source: CCN
Type: Red Hat Bugzilla Bug 568702
CVE-2010-0430 libspice: Insufficient guest provided memory mappings boundaries validations
Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=568702
Source: XF
Type: UNKNOWN
qemu-cve20100430-priv-esc(90124)
Source: REDHAT
Type: Vendor Advisory
RHSA-2010:0476
Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2010-0430
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:* (Version <= 5.4-2.1)
Configuration RedHat 1:
cpe:/a:redhat:rhel_virtualization:5:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/a:redhat:rhel_virtualization:5::client:*:*:*:*:*
Configuration RedHat 3:
cpe:/a:redhat:rhel_virtualization:5::server:*:*:*:*:*
Configuration CCN 1:
cpe:/a:redhat:enterprise_virtualization_hypervisor:5.4-2.1:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:22892 | P | ELSA-2010:0271: kvm security, bug fix and enhancement update (Important) | 2014-05-26 | | oval:org.mitre.oval:def:22035 | P | RHSA-2010:0271: kvm security, bug fix and enhancement update (Important) | 2014-02-24 | | oval:com.ubuntu.precise:def:20100430000 | V | CVE-2010-0430 on Ubuntu 12.04 LTS (precise) - medium. | 2013-12-26 | | oval:org.mitre.oval:def:11131 | V | The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. | 2013-04-29 | | oval:com.redhat.rhsa:def:20100271 | P | RHSA-2010:0271: kvm security, bug fix and enhancement update (Important) | 2010-03-30 |
|
| BACK |