cve-2010-0306
Vulnerability from cvelistv5
Published
2010-02-12 19:00
Modified
2024-08-07 00:45
Summary
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
ghsa-xpcm-5q5j-h76x
Vulnerability from github
Published
2022-05-02 06:11
Modified
2022-05-02 06:11
Details
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
gsd-2010-0306
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
rhsa-2010_0095
Vulnerability from csaf_redhat
Published
2010-02-09 15:23
Modified
2024-11-14 10:48
Summary
Red Hat Security Advisory: rhev-hypervisor security and bug fix update
Notes
Topic
An updated rhev-hypervisor package that fixes security issues and several
bugs is now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated
Kernel-based Virtual Machine (KVM) hypervisor. It includes everything
necessary to run and manage virtual machines: A subset of the Red Hat
Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: RHEV Hypervisor is only available for the Intel 64 and AMD64
architectures with virtualization extensions.

A flaw was found in the IPv6 Extension Header (EH) handling
implementation in the Linux kernel. The skb->dst data structure was not
properly validated in the ipv6_hop_jumbo() function. This could possibly
lead to a remote denial of service. (CVE-2007-4567)

The Parallels Virtuozzo Containers team reported two flaws in the routing
implementation. If an attacker was able to cause a large enough number of
collisions in the routing hash table (via specially-crafted packets) for
the emergency route flush to trigger, a deadlock could occur. Secondly, if
the kernel routing cache was disabled, an uninitialized pointer would be
left behind after a route lookup, leading to a kernel panic.
(CVE-2009-4272)

A flaw was found in each of the following Intel PRO/1000 Linux drivers in
the Linux kernel: e1000 and e1000e. A remote attacker using packets larger
than the MTU could bypass the existing fragment check, resulting in
partial, invalid frames being passed to the network stack. These flaws
could also possibly be used to trigger a remote denial of service.
(CVE-2009-4536, CVE-2009-4538)

A flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.
Receiving overly-long frames with a certain revision of the network cards
supported by this driver could possibly result in a remote denial of
service. (CVE-2009-4537)

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest
could leverage these flaws to cause a denial of service (guest crash) or
possibly escalate their privileges within that guest. (CVE-2010-0298,
CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation. Access
to the internal data structure pit_state, which represents the data state
of the emulated PIT, was not properly validated in the pit_ioport_read()
function. A privileged guest user could use this flaw to crash the host.
(CVE-2010-0309)

This updated package provides updated components that include fixes for
security issues; however, these issues have no security impact for RHEV
Hypervisor. These fixes are for kernel issues CVE-2006-6304, CVE-2009-2910,
CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,
CVE-2009-4021, CVE-2009-4138, and CVE-2009-4141; ntp issue CVE-2009-3563;
dbus issue CVE-2009-1189; dnsmasq issues CVE-2009-2957 and CVE-2009-2958;
gnutls issue CVE-2009-2730; krb5 issue CVE-2009-4212; bind issue
CVE-2010-0097; gzip issue CVE-2010-0001; openssl issues CVE-2009-2409 and
CVE-2009-4355; and gcc issue CVE-2009-3736.

This update also fixes the following bugs:

* on systems with a large number of disk devices, USB storage devices may
get enumerated after "/dev/sdz", for example, "/dev/sdcd". This was not
handled by the udev rules, resulting in a missing "/dev/live" symbolic
link, causing installations from USB media to fail. With this update, udev
rules correctly handle USB storage devices on systems with a large number
of disk devices, which resolves this issue. (BZ#555083)

As RHEV Hypervisor is based on KVM, the bug fixes from the KVM update
RHSA-2010:0088 have been included in this update:

https://rhn.redhat.com/errata/RHSA-2010-0088.html

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: ipv6_hop_jumbo remote system crash" }, { "cve": "CVE-2009-4272", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2009-12-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "545411" } ], "notes": [ { "category": "description", "text": "A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing \"emergency\" in which a hash chain is too long. 
NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: emergency route cache flushing leads to node deadlock", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commits c6153b5b and 1080d709 that introduced the problem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4272" }, { "category": "external", "summary": "RHBZ#545411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545411" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4272", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4272" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4272", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4272" } ], "release_date": "2010-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available 
via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: emergency route cache flushing leads to node deadlock" }, { "cve": "CVE-2009-4536", "discovery_date": "2009-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "552126" } ], "notes": [ { "category": "description", "text": "drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: e1000 issue reported at 26c3", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4536" }, { "category": "external", "summary": "RHBZ#552126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552126" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4536", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4536" } ], "release_date": "2009-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: e1000 issue reported at 26c3" }, { "cve": "CVE-2009-4537", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2009-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "550907" } ], "notes": [ { "category": "description", "text": "drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing \u0027\\0\u0027 characters, 
related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: r8169 issue reported at 26c3", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4537" }, { "category": "external", "summary": "RHBZ#550907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=550907" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4537", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4537" } ], "release_date": "2009-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: r8169 issue reported at 26c3" }, { "cve": "CVE-2009-4538", "discovery_date": "2009-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "551214" } ], "notes": [ { "category": "description", "text": "drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: e1000e frame fragment issue", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this 
vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4538" }, { "category": "external", "summary": "RHBZ#551214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=551214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4538", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4538" } ], "release_date": "2009-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: e1000e frame fragment issue" }, { "cve": "CVE-2010-0298", "discovery_date": "2010-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559091" } ], "notes": [ { "category": "description", "text": "The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm: emulator privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are 
included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0298" }, { "category": "external", "summary": "RHBZ#559091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559091" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0298", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0298" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0298", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0298" } ], "release_date": "2010-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kvm: emulator privilege escalation" }, { "cve": "CVE-2010-0306", "discovery_date": "2010-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "560654" } ], "notes": [ { "category": "description", "text": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm: emulator privilege escalation IOPL/CPL level check", "title": "Vulnerability summary" }, { 
"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0306" }, { "category": "external", "summary": "RHBZ#560654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0306", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0306" } ], "release_date": "2010-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kvm: emulator privilege escalation IOPL/CPL level check" }, { "cve": "CVE-2010-0309", "discovery_date": "2010-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "560887" } ], "notes": [ { "category": "description", "text": "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm: cat /dev/port in guest cause the host hang", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the 
severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0309" }, { "category": "external", "summary": "RHBZ#560887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0309", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0309" } ], "release_date": "2010-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T15:23:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0095" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.noarch", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1.src", "5Server-RHEV-Hypervisor-2:rhev-hypervisor-pxe-0:5.4-2.1.8.el5_4rhev2_1.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kvm: cat /dev/port in guest cause the host hang" } ] }
rhsa-2010_0088
Vulnerability from csaf_redhat
Published
2010-02-09 10:01
Modified
2024-11-14 10:47
Summary
Red Hat Security Advisory: kvm security and bug fix update
Notes
Topic
Updated kvm packages that fix multiple security issues and several bugs are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.
The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest
could leverage these flaws to cause a denial of service (guest crash) or
possibly escalate their privileges within that guest. (CVE-2010-0298,
CVE-2010-0306)
A flaw was found in the Programmable Interval Timer (PIT) emulation. Access
to the internal data structure pit_state, which represents the data state
of the emulated PIT, was not properly validated in the pit_ioport_read()
function. A privileged guest user could use this flaw to crash the host.
(CVE-2010-0309)
A flaw was found in the USB passthrough handling code. A specially-crafted
USB packet sent from inside a guest could be used to trigger a buffer
overflow in the usb_host_handle_control() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
cause a denial of service (guest hang or crash) or possibly escalate their
privileges within the host. (CVE-2010-0297)
This update also fixes the following bugs:
* pvclock MSR values were not preserved during remote migration, causing
time drift for guests. (BZ#537028)
* SMBIOS table 4 data is now generated for Windows guests. (BZ#545874)
* if the qemu-kvm "-net user" option was used, unattended Windows XP
installations did not receive an IP address after reboot. (BZ#546562)
* when being restored from migration, a race condition caused Windows
Server 2008 R2 guests to hang during shutdown. (BZ#546563)
* the kernel symbol checking on the kvm-kmod build process has a safety
check for ABI changes. (BZ#547293)
* on hosts without high-res timers, Windows Server 2003 guests experienced
significant time drift. (BZ#547625)
* in some situations, installing Windows Server 2008 R2 from an ISO image
resulted in a blue screen "BAD_POOL_HEADER" stop error. (BZ#548368)
* a bug in the grow_refcount_table() error handling caused infinite
recursion in some cases. This caused the qemu-kvm process to hang and
eventually crash. (BZ#552159)
* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an "unhandled
vm exit" error could occur during reboot on some systems. (BZ#552518)
* for Windows guests, QEMU could attempt to stop a stopped audio device,
resulting in a "snd_playback_stop: ASSERT playback_channel->base.active
failed" error. (BZ#552519)
* the Hypercall driver did not reset the device on power-down. (BZ#552528)
* mechanisms have been added to cause older savevm versions to be emitted in
some cases. (BZ#552529)
* an error in the Makefile prevented users from using the source RPM to
install KVM. (BZ#552530)
* guests became unresponsive and could use up to 100% CPU when running
certain benchmark tests with more than 7 guests running simultaneously.
(BZ#553249)
* QEMU could terminate randomly with virtio-net and SMP enabled.
(BZ#561022)
All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated kvm packages that fix multiple security issues and several bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nThe x86 emulator implementation was missing a check for the Current\nPrivilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest\ncould leverage these flaws to cause a denial of service (guest crash) or\npossibly escalate their privileges within that guest. (CVE-2010-0298,\nCVE-2010-0306)\n\nA flaw was found in the Programmable Interval Timer (PIT) emulation. Access\nto the internal data structure pit_state, which represents the data state\nof the emulated PIT, was not properly validated in the pit_ioport_read()\nfunction. A privileged guest user could use this flaw to crash the host.\n(CVE-2010-0309)\n\nA flaw was found in the USB passthrough handling code. A specially-crafted\nUSB packet sent from inside a guest could be used to trigger a buffer\noverflow in the usb_host_handle_control() function, which runs under the\nQEMU-KVM context on the host. A user in a guest could leverage this flaw to\ncause a denial of service (guest hang or crash) or possibly escalate their\nprivileges within the host. 
(CVE-2010-0297)\n\nThis update also fixes the following bugs: \n\n* pvclock MSR values were not preserved during remote migration, causing\ntime drift for guests. (BZ#537028)\n\n* SMBIOS table 4 data is now generated for Windows guests. (BZ#545874)\n\n* if the qemu-kvm \"-net user\" option was used, unattended Windows XP\ninstallations did not receive an IP address after reboot. (BZ#546562)\n\n* when being restored from migration, a race condition caused Windows\nServer 2008 R2 guests to hang during shutdown. (BZ#546563)\n\n* the kernel symbol checking on the kvm-kmod build process has a safety\ncheck for ABI changes. (BZ#547293)\n\n* on hosts without high-res timers, Windows Server 2003 guests experienced\nsignificant time drift. (BZ#547625)\n\n* in some situations, installing Windows Server 2008 R2 from an ISO image\nresulted in a blue screen \"BAD_POOL_HEADER\" stop error. (BZ#548368)\n\n* a bug in the grow_refcount_table() error handling caused infinite\nrecursion in some cases. This caused the qemu-kvm process to hang and\neventually crash. (BZ#552159)\n\n* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an \"unhandled\nvm exit\" error could occur during reboot on some systems. (BZ#552518)\n\n* for Windows guests, QEMU could attempt to stop a stopped audio device,\nresulting in a \"snd_playback_stop: ASSERT playback_channel-\u003ebase.active\nfailed\" error. (BZ#552519)\n\n* the Hypercall driver did not reset the device on power-down. (BZ#552528)\n\n* mechanisms have been added to make older savevm versions to be emitted in\nsome cases. (BZ#552529)\n\n* an error in the Makefile prevented users from using the source RPM to\ninstall KVM. 
(BZ#552530)\n\n* guests became unresponsive and could use up to 100% CPU when running\ncertain benchmark tests with more than 7 guests running simultaneously.\n(BZ#553249)\n\n* QEMU could terminate randomly with virtio-net and SMP enabled.\n(BZ#561022)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Note: The procedure in the\nSolution section must be performed before this update will take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0088", "url": "https://access.redhat.com/errata/RHSA-2010:0088" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#important", "url": "http://www.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "537028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537028" }, { "category": "external", "summary": "545874", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545874" }, { "category": "external", "summary": "546562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546562" }, { "category": "external", "summary": "546563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546563" }, { "category": "external", "summary": "547293", 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547293" }, { "category": "external", "summary": "547625", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547625" }, { "category": "external", "summary": "548368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548368" }, { "category": "external", "summary": "552159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552159" }, { "category": "external", "summary": "552518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552518" }, { "category": "external", "summary": "552519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552519" }, { "category": "external", "summary": "552528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552528" }, { "category": "external", "summary": "552529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552529" }, { "category": "external", "summary": "552530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552530" }, { "category": "external", "summary": "553249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553249" }, { "category": "external", "summary": "557025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=557025" }, { "category": "external", "summary": "559091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559091" }, { "category": "external", "summary": "560654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654" }, { "category": "external", "summary": "560887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887" }, { "category": "external", "summary": "561022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561022" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0088.json" } ], "title": "Red Hat Security Advisory: kvm security and bug fix update", "tracking": { "current_release_date": "2024-11-14T10:47:59+00:00", "generator": { "date": "2024-11-14T10:47:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" 
} }, "id": "RHSA-2010:0088", "initial_release_date": "2010-02-09T10:01:00+00:00", "revision_history": [ { "date": "2010-02-09T10:01:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-02-09T05:01:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:47:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product_id": "5Client-VT", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_virtualization:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Virtualization (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux Virtualization (v. 5 server)", "product_id": "5Server-VT", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_virtualization:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kmod-kvm-0:83-105.el5_4.22.x86_64", "product": { "name": "kmod-kvm-0:83-105.el5_4.22.x86_64", "product_id": "kmod-kvm-0:83-105.el5_4.22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kmod-kvm@83-105.el5_4.22?arch=x86_64" } } }, { "category": "product_version", "name": "kvm-0:83-105.el5_4.22.x86_64", "product": { "name": "kvm-0:83-105.el5_4.22.x86_64", "product_id": "kvm-0:83-105.el5_4.22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kvm@83-105.el5_4.22?arch=x86_64" } } }, { "category": "product_version", "name": "kvm-qemu-img-0:83-105.el5_4.22.x86_64", "product": { "name": "kvm-qemu-img-0:83-105.el5_4.22.x86_64", "product_id": "kvm-qemu-img-0:83-105.el5_4.22.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/kvm-qemu-img@83-105.el5_4.22?arch=x86_64" } } }, { "category": "product_version", "name": "kvm-tools-0:83-105.el5_4.22.x86_64", "product": { "name": "kvm-tools-0:83-105.el5_4.22.x86_64", "product_id": "kvm-tools-0:83-105.el5_4.22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kvm-tools@83-105.el5_4.22?arch=x86_64" } } }, { "category": "product_version", "name": "kvm-debuginfo-0:83-105.el5_4.22.x86_64", "product": { "name": "kvm-debuginfo-0:83-105.el5_4.22.x86_64", "product_id": "kvm-debuginfo-0:83-105.el5_4.22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kvm-debuginfo@83-105.el5_4.22?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kvm-0:83-105.el5_4.22.src", "product": { "name": "kvm-0:83-105.el5_4.22.src", "product_id": "kvm-0:83-105.el5_4.22.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kvm@83-105.el5_4.22?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kmod-kvm-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product_id": "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64" }, "product_reference": "kmod-kvm-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Client-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-0:83-105.el5_4.22.src as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product_id": "5Client-VT:kvm-0:83-105.el5_4.22.src" }, "product_reference": "kvm-0:83-105.el5_4.22.src", "relates_to_product_reference": "5Client-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 
5 client)", "product_id": "5Client-VT:kvm-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Client-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-debuginfo-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product_id": "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-debuginfo-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Client-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-qemu-img-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product_id": "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-qemu-img-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Client-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-tools-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)", "product_id": "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-tools-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Client-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kmod-kvm-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)", "product_id": "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64" }, "product_reference": "kmod-kvm-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Server-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-0:83-105.el5_4.22.src as a component of Red Hat Enterprise Linux Virtualization (v. 
5 server)", "product_id": "5Server-VT:kvm-0:83-105.el5_4.22.src" }, "product_reference": "kvm-0:83-105.el5_4.22.src", "relates_to_product_reference": "5Server-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)", "product_id": "5Server-VT:kvm-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Server-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-debuginfo-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)", "product_id": "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-debuginfo-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Server-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-qemu-img-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)", "product_id": "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-qemu-img-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Server-VT" }, { "category": "default_component_of", "full_product_name": { "name": "kvm-tools-0:83-105.el5_4.22.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 
5 server)", "product_id": "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" }, "product_reference": "kvm-tools-0:83-105.el5_4.22.x86_64", "relates_to_product_reference": "5Server-VT" } ] }, "vulnerabilities": [ { "cve": "CVE-2010-0297", "discovery_date": "2010-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "557025" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm-userspace-rhel5: usb-linux.c: fix buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0297" }, { "category": "external", "summary": "RHBZ#557025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=557025" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0297", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0297" } ], "release_date": "2009-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T10:01:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "product_ids": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0088" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": 
"COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, "products": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kvm-userspace-rhel5: usb-linux.c: fix buffer overflow" }, { "cve": "CVE-2010-0298", "discovery_date": "2010-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559091" } ], "notes": [ { "category": "description", "text": "The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm: emulator privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", 
"5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0298" }, { "category": "external", "summary": "RHBZ#559091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559091" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0298", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0298" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0298", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0298" } ], "release_date": "2010-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T10:01:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "product_ids": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0088" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", 
"5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kvm: emulator privilege escalation" }, { "cve": "CVE-2010-0306", "discovery_date": "2010-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "560654" } ], "notes": [ { "category": "description", "text": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm: emulator privilege escalation IOPL/CPL level check", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" 
] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0306" }, { "category": "external", "summary": "RHBZ#560654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560654" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0306", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0306" } ], "release_date": "2010-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T10:01:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "product_ids": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", 
"5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0088" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kvm: emulator privilege escalation IOPL/CPL level check" }, { "cve": "CVE-2010-0309", "discovery_date": "2010-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "560887" } ], "notes": [ { "category": "description", "text": "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.", "title": "Vulnerability description" }, { "category": "summary", "text": "kvm: cat /dev/port in guest cause the host hang", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better 
understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0309" }, { "category": "external", "summary": "RHBZ#560887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0309", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0309" } ], "release_date": "2010-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-09T10:01:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "product_ids": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0088" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "5Client-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-0:83-105.el5_4.22.src", "5Client-VT:kvm-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Client-VT:kvm-tools-0:83-105.el5_4.22.x86_64", "5Server-VT:kmod-kvm-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-0:83-105.el5_4.22.src", "5Server-VT:kvm-0:83-105.el5_4.22.x86_64", 
"5Server-VT:kvm-debuginfo-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-qemu-img-0:83-105.el5_4.22.x86_64", "5Server-VT:kvm-tools-0:83-105.el5_4.22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kvm: cat /dev/port in guest cause the host hang" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.