QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0306

Published: Feb 12, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=560654

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

oval:org.mitre.oval:def:10953

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.