CVE-2010-0419
First published: Wed Feb 10 2010(Updated: )
Paolo Bonzini found a bug in KVM that can be used to bypass proper permission checking while loading segment selectors. Malicious guest userspace process running in SMP guest can trick the emulator into loading kernel segment selector if it has access to IO port or MMIO region. To do so it should run legitimate instruction that does IO and will cause vcpu to enter emulator in one thread and replace this instruction to kernel selector loading one from another thread. If instruction is replaced after KVM entered emulator, but before instruction is fetched emulator will be tricked to execute privileged instruction without permission checking.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KVM Qumranet | =83 | |
| =83 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2010-0126.html
- http://www.securityfocus.com/bid/38467
- https://bugzilla.redhat.com/show_bug.cgi?id=563463
- http://securitytracker.com/id?1023663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56662
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139
- https://rhn.redhat.com/errata/RHSA-2010-0126.html
- https://rhn.redhat.com/errata/RHSA-2010-0172.html
Frequently Asked Questions
What is the severity of CVE-2010-0419?
CVE-2010-0419 has been assigned a medium severity rating due to the potential for unauthorized access to kernel memory.
How do I fix CVE-2010-0419?
To mitigate CVE-2010-0419, it is recommended to apply the latest patches or updates provided by the vendor for KVM.
What systems are affected by CVE-2010-0419?
CVE-2010-0419 affects KVM version 83 and might impact systems running this version.
What type of vulnerability is CVE-2010-0419?
CVE-2010-0419 is a privilege escalation vulnerability that allows unauthorized access by exploiting flaws in permission checking.
Can CVE-2010-0419 be exploited remotely?
CVE-2010-0419 primarily requires local access to the compromised guest environment to exploit the vulnerability.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0419
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/kvm qumranet
- canonical/kvm qumranet
- version/kvm qumranet/83