KVM x86 Emulator Bugs Let Local Users on the Guest System to Gain Privileges on the Target Guest System - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > KVM

Vendors: kvm.qumranet.com

KVM x86 Emulator Bugs Let Local Users on the Guest System to Gain Privileges on the Target Guest System

SecurityTracker Alert ID: 1023573

SecurityTracker URL: http://securitytracker.com/id/1023573

CVE Reference: CVE-2010-0298, CVE-2010-0306 (Links to External Site)

Updated: Feb 10 2010

Original Entry Date: Feb 10 2010

Impact: User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Description: Two vulnerabilities were reported in KVM. A local user on the guest operating system can obtain elevated privileges on the target guest system.

A local user on the guest operating system can cause the x86 emulator to modify arbitrary kernel memory locations [CVE-2010-0298].

A local user on the guest operating system can bypass IOPL/CPL checking to cause the emulator to execute privileged instructions [CVE-2010-0306].

Gleb Natapov reported these vulnerabilities.

Impact: A local user on the guest operating system can obtain elevated privileges on the target guest system.

Solution: The vendor has proposed a source code fix, available at:

http://www.mail-archive.com/kvm@vger.kernel.org/msg28510.html

Vendor URL: linux-kvm.org/ (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Feb 10 2010	(Red Hat Issues Fix) KVM x86 Emulator Bugs Let Local Users on the Guest System to Gain Privileges on the Target Guest System (bugzilla@redhat.com) Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Feb 19 2010	(Red Hat Issues Fix for Red Hat Enterprise Virtualization Hypervisor) KVM x86 Emulator Bugs Let Local Users on the Guest System to Gain Privileges on the Target Guest System (bugzilla@redhat.com) Red Hat has issued a fix for Red Hat Enterprise Virtualization Hypervisor 2.1.

Source Message Contents

Date: Wed, 10 Feb 2010 02:27:02 +0000
Subject: KVM


CVE-2010-0298

CVE-2010-0306

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC