CVE-2010-0419

kvm: emulator privilege escalation segment selector check

Severity Score

4.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.

El emulador x86 en KVM 83, cuando un invitado esta configura para Symmetric Multiprocessing (SMP), no restringe de manera adecuada la escritura de los selectores de segmento en los registros de segmento, lo que permitiría a usuarios del sistema operativo invitado producir una denegación de servicio (caída del sistema operativo invitado) o ganar privilegios en el sistema operativo invitado mediante el bloqueo de acceso a (1) un puerto IO, (2) una región MMIO, y reemplazando una instrucción entre la entrada del emulador y la instrucción.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-01-27 CVE Reserved
2010-03-05 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (7)

URL	Tag	Source
http://securitytracker.com/id?1023663	Vdb Entry
http://www.securityfocus.com/bid/38467	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/56662	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10139	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.redhat.com/support/errata/RHSA-2010-0126.html	2017-09-19
https://bugzilla.redhat.com/show_bug.cgi?id=563463	2010-03-24
https://access.redhat.com/security/cve/CVE-2010-0419	2010-03-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kvm Qumranet Search vendor "Kvm Qumranet"		Kvm Search vendor "Kvm Qumranet" for product "Kvm"				83 Search vendor "Kvm Qumranet" for product "Kvm" and version "83"		-		Affected