CVE-2010-2784

Impact: Important
Public Date: 2010-07-28
Bugzilla: 619411: CVE-2010-2784 qemu: insufficient constraints checking in exec.c:subpage_register()

The MITRE CVE dictionary describes this issue as:

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

Find out more about CVE-2010-2784 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.6
Base Metrics: AV:L/AC:M/Au:S/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Medium
Authentication: Single
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Virtualization Hypervisor 5 (rhev-hypervisor) | RHSA-2010:0622 | 2010-08-19
Red Hat Enterprise Linux Virtualization 5 (kvm) | RHSA-2010:0627 | 2010-08-19

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | qemu-kvm | Not affected
Red Hat Enterprise Linux 5 | kvm | Affected

Last Modified