CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0419 – kvm: emulator privilege escalation segment selector check
https://notcve.org/view.php?id=CVE-2010-0419
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch. El emulador x86 en KVM 83, cuando un invitado esta configura para Symmetric Multiprocessing (SMP), no restringe de manera adecuada la escritura de los selectores de segmento en los registros de segmento, lo que permitiría a usuarios del sistema operativo invitado producir una denegación de servicio (caída del sistema operativo invitado) o ganar privilegios en el sistema operativo invitado mediante el bloqueo de acceso a (1) un puerto IO, (2) una región MMIO, y reemplazando una instrucción entre la entrada del emulador y la instrucción. • http://securitytracker.com/id?1023663 http://www.redhat.com/support/errata/RHSA-2010-0126.html http://www.securityfocus.com/bid/38467 https://bugzilla.redhat.com/show_bug.cgi?id=563463 https://exchange.xforce.ibmcloud.com/vulnerabilities/56662 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139 https://access.redhat.com/security/cve/CVE-2010-0419 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0306 – kvm: emulator privilege escalation IOPL/CPL level check
https://notcve.org/view.php?id=CVE-2010-0306
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. El emulador x86 en KVM3, cuando un invitado está configurado para Symmetric Multiprocessing (SMP), no usa Current Privilege Level (CPL) e I/O Privilege Level (IOPL) para restringir las instrucciones de ejecución, lo que permite a usuarios invitados del OS provocar una denegación de servicio (caída o cuelgue del sistema) o elevar sus privilegios aprovechando el acceso al (1) puerto IO o (2) a la región MMIO, y sustituyendo una instrucción entre la entrada del emulador y el analizador de instrucciones. Cuestión relacionada con CVE-2010-0298. • http://secunia.com/advisories/38492 http://secunia.com/advisories/38499 http://www.debian.org/security/2010/dsa-1996 http://www.securityfocus.com/bid/38158 https://bugzilla.redhat.com/show_bug.cgi?id=560654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10953 https://rhn.redhat.com/errata/RHSA-2010-0088.html https://rhn.redhat.com/errata/RHSA-2010-0095.html https://access.redhat.com/security/cve/CVE-2010-0306 • CWE-264: Permissions, Privileges, and Access Controls •