CVE-2010-0419

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.

CVSS v2.0 4.4 MEDIUM

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securitytracker.com/id?1023663
http://www.redhat.com/support/errata/RHSA-2010-0126.html
http://www.securityfocus.com/bid/38467
https://bugzilla.redhat.com/show_bug.cgi?id=563463
https://exchange.xforce.ibmcloud.com/vulnerabilities/56662
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139

Configurations

Configuration 1 (hide)

cpe:2.3:a:kvm_qumranet:kvm:83:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-03-05 16:30

Updated : 2023-12-10 11:03

NVD link : CVE-2010-0419

Mitre link : CVE-2010-0419

CVE.ORG link : CVE-2010-0419

JSON object : View

Products Affected

kvm_qumranet

kvm

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-0419", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-03-05T16:30:00.707", "references": [{"url": "http://securitytracker.com/id?1023663", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0126.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/38467", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563463", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56662", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch."}, {"lang": "es", "value": "El emulador x86 en KVM 83, cuando un invitado esta configura para Symmetric Multiprocessing (SMP), no restringe de manera adecuada la escritura de los selectores de segmento en los registros de segmento, lo que permitir\u00eda a usuarios del sistema operativo invitado producir una denegaci\u00f3n de servicio (ca\u00edda del sistema operativo invitado) o ganar privilegios en el sistema operativo invitado mediante el bloqueo de acceso a (1) un puerto IO, (2) una regi\u00f3n MMIO, y reemplazando una instrucci\u00f3n entre la entrada del emulador y la instrucci\u00f3n."}], "lastModified": "2017-09-19T01:30:22.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kvm_qumranet:kvm:83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3A6CCA1-63AD-423E-8249-362557524FAA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}