CVE-2010-0431: Input Validation
First published: Fri Feb 26 2010(Updated: )
Izik Eidus found a bug in QEMU that allows priviledged guest user to touch arbitrary memory in the hosting QEMU process. The bug is in QXL code. Guest and host share region of memory and use it to communicate with each other. Malicious user can use the lack of validation of pointers embedded into data structures in this memory area to touch host's abitrary memory location and/or make the hosting QEMU process crash by dereferencing invalid pointer.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Virtualization | =2.2 | |
| Redhat Kvm | =83 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0431
- vendor/redhat
- canonical/redhat enterprise virtualization
- version/redhat enterprise virtualization/2.2
- canonical/redhat kvm
- version/redhat kvm/83