CVE-2010-2784 – qemu: insufficient constraints checking in exec.c:subpage_register()
https://notcve.org/view.php?id=CVE-2010-2784
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
• http://www.spinics.net/lists/kvm/msg39173.html
• https://bugzilla.redhat.com/show_bug.cgi?id=619411
• https://rhn.redhat.com/errata/RHSA-2010-0622.html
• https://rhn.redhat.com/errata/RHSA-2010-0627.html
• https://access.redhat.com/security/cve/CVE-2010-2784
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-2223 – vdsm: missing VM post-zeroing after removal
https://notcve.org/view.php?id=CVE-2010-2223
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
• http://securitytracker.com/id?1024137
• http://www.securityfocus.com/bid/41044
• https://bugzilla.redhat.com/show_bug.cgi?id=604752
• https://rhn.redhat.com/errata/RHSA-2010-0473.html
• https://rhn.redhat.com/errata/RHSA-2010-0476.html
• https://access.redhat.com/security/cve/CVE-2010-2223
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-2224 – rhev-m: merge snapshot does not pass postzero parameter for deleted volumes
https://notcve.org/view.php?id=CVE-2010-2224
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
• http://www.securityfocus.com/bid/41045
• https://bugzilla.redhat.com/show_bug.cgi?id=606774
• https://rhn.redhat.com/errata/RHSA-2010-0478.html
• https://access.redhat.com/security/cve/CVE-2010-2224
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-4272 – kernel: emergency route cache flushing leads to node deadlock
https://notcve.org/view.php?id=CVE-2009-4272
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=73e42897e8e5619eacb787d2ce69be12f47cfc21
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b6280b47a7a42970d098a3059f4ebe7e55e90d8d
• http://support.avaya.com/css/P8/documents/100073666
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31
• http://www.openwall.com/lists/oss-security/2010/01/20/1
• http://www.openwall.com/lists/oss-security/2010/01/20/6
• https://bugz
• CWE-476: NULL Pointer Dereference
• CWE-667: Improper Locking
CVE-2009-3080 – kernel: gdth: Prevent negative offsets in ioctl
https://notcve.org/view.php?id=CVE-2009-3080
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
• http://secunia.
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-129: Improper Validation of Array Index