CVE-2010-5313

Опубликовано: 24 сент. 2014

Источник: redhat

CVSS2: 4

EPSS Низкий

Описание

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.

It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way.

Отчет

This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2016:0855	10.05.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:2152	19.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1163762kernel: kvm: reporting emulation failures to userspace

EPSS

Процентиль: 23%

0.00074

Низкий

4 Medium

CVSS2

Связанные уязвимости

CVE-2010-5313

ubuntu

почти 11 лет назад

CVE-2010-5313

nvd

почти 11 лет назад

CVE-2010-5313

debian

почти 11 лет назад

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...

GHSA-8hgg-pmrm-w85w

github

больше 3 лет назад

ELSA-2016-0855

oracle-oval

больше 9 лет назад

ELSA-2016-0855: kernel security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 23%

0.00074

Низкий

4 Medium

CVSS2