CVE-2010-0298

CVE	CVE-2010-0298
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-02-12 19:30:00 UTC
Updated	2017-09-19 01:30:00 UTC
Description	The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.

Problem Types: CWE-264

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All

Reference	Source	Link	Tags
rhn.redhat.com \| Red Hat Support	REDHAT	rhn.redhat.com
Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities	BID	www.securityfocus.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Debian update for linux-2.6 - Advisories - Community	SECUNIA	secunia.com
559091 – (CVE-2010-0298) CVE-2010-0298 kvm: emulator privilege escalation	CONFIRM	bugzilla.redhat.com
Debian -- Security Information -- DSA-1996-1 linux-2.6	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

900101 CBL-Mariner Linux Security Update for kernel 5.10.52.1
900303 CBL-Mariner Linux Security Update for kernel 5.10.57.1
900321 CBL-Mariner Linux Security Update for kernel 5.10.60.1
900875 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6514-1)
903690 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3481)
906233 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3481-1)
906400 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6514-2)