CVE-2011-4622 – kernel: kvm: pit timer with no irqchip crashes the system
https://notcve.org/view.php?id=CVE-2011-4622
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564 http://www.openwall.com/lists/oss-security/2011/12/21/7 http://www.redhat.com/support/errata/RHSA-2012-0051.html http://www.securityfocus.com/bid/51172 http://www.securitytracker.com/id?1026559 https://bugzilla.redhat.com/show_bug.cgi?id=769721 https://access.redhat. •
CVE-2010-0435 – kvm: vmx null pointer dereference
https://notcve.org/view.php?id=CVE-2010-0435
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://secunia.com/advisories/42778 http://www.vupen.com/english/advisories/2011/0012 https://bugzilla.redhat.com/show_bug.cgi?id=570528 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0435 • CWE-476: NULL Pointer Dereference •
CVE-2010-0431 – qemu: Insufficient guest provided pointers validation
https://notcve.org/view.php?id=CVE-2010-0431
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. • https://bugzilla.redhat.com/show_bug.cgi?id=568809 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0431 • CWE-20: Improper Input Validation •
CVE-2010-2784 – qemu: insufficient constraints checking in exec.c:subpage_register()
https://notcve.org/view.php?id=CVE-2010-2784
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. • http://www.spinics.net/lists/kvm/msg39173.html https://bugzilla.redhat.com/show_bug.cgi?id=619411 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-2784 • CWE-264: Permissions, Privileges, and Access Controls •