CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4622 – kernel: kvm: pit timer with no irqchip crashes the system
https://notcve.org/view.php?id=CVE-2011-4622
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. La función create_pit_timer en arch/x86/kvm/i8254.c en KVM v83, y posiblemente otras versiones, no controla correctamente las solicitudes de interrupción (IRQs) en el temporizador de intervalos programable (PIT), cuando no hay disponible un controlador de interrupciones virtual (irqchip), lo que permite a usuarios locales causar una denegación de servicio (desreferencia a puntero a NULL) mediante la iniciación de un temporizador. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564 http://www.openwall.com/lists/oss-security/2011/12/21/7 http://www.redhat.com/support/errata/RHSA-2012-0051.html http://www.securityfocus.com/bid/51172 http://www.securitytracker.com/id?1026559 https://bugzilla.redhat.com/show_bug.cgi?id=769721 https://access.redhat. •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0431 – qemu: Insufficient guest provided pointers validation
https://notcve.org/view.php?id=CVE-2010-0431
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. QEMU-KVM, tal como se utiliza en el Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, no valida correctamente los punteros a controladores QXL, lo que permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (uso de puntero invalido y la caída del sistema operativo huésped) o posiblemente ganar privilegios a través de vectores no especificados. • https://bugzilla.redhat.com/show_bug.cgi?id=568809 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0431 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0435 – kvm: vmx null pointer dereference
https://notcve.org/view.php?id=CVE-2010-0435
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. El Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, cuando la extensión Intel VT-x está activada, permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (uso de puntero nulo y caida del sistema operativo anfitrión) a través de vectores relacionados con la emulación de instrucciones. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://secunia.com/advisories/42778 http://www.vupen.com/english/advisories/2011/0012 https://bugzilla.redhat.com/show_bug.cgi?id=570528 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-0435 • CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2784 – qemu: insufficient constraints checking in exec.c:subpage_register()
https://notcve.org/view.php?id=CVE-2010-2784
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. La funcionalidad de inicialización de subpaginas MMIO en la función subpage_register de exec.c en QEMU-KVM, tal como se utiliza en Hypervisor (alias rhev-hipervisor) en Red Hat Enterprise Virtualization (RHEV) v2.2 y KVM 83, no selecciona adecuadamente el índice para acceder a la matriz de callback, lo que permite causar, a los usuarios del sistema operativo huésped, una denegación de servicio (caida del sistema operativo) o posiblemente obtener privilegios mediante vectores no especificados. • http://www.spinics.net/lists/kvm/msg39173.html https://bugzilla.redhat.com/show_bug.cgi?id=619411 https://rhn.redhat.com/errata/RHSA-2010-0622.html https://rhn.redhat.com/errata/RHSA-2010-0627.html https://access.redhat.com/security/cve/CVE-2010-2784 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 22%CPEs: 243EXPL: 0CVE-2010-0741 – qemu: Improper handling of erroneous data provided by Linux virtio-net driver
https://notcve.org/view.php?id=CVE-2010-0741
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). La funcion virtio_net_bad_features en hw/virtio-net.c en el driver virtio-net en el kernel de Linux anterior a v2.6.26, cuando utiliza un sistema operativo invitado en conjunción con qemu-kvm 0.11.0 o KVM 83, permite a atacantes remotos producir una denegación de servicio (caída del sistema operativo invitado, y una salida del proceso de asociación qemu-kvm) mediante el envío de una gran cantidad de trafico TCP al puerto del sistema operativo invitado, relacionado con la lista blanca de virtio-net que incluye una implementación inadecuada de TCP Segment Offloading (TSO). • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02480.html http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02495.html http://openwall.com/lists/oss-security/2010/03/29/4 http://securitytracker.com/id?1023798 http://www.redhat.com/support/errata/RHSA-2010-0271.html http://www.vupen.com/english/advisories/2010/0760 https://bugs.edge.launchpad.net/ubuntu/+s • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •