CVE-2010-0306 — Kernel vulnerability

CWE-2649 documents5 sources

Severity

6.5MEDIUMNVD

NVD4.1

EPSS

0.1%

top 67.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux KVM Qumranet KVM

Timeline

PublishedFeb 12

Latest updateMay 2

Description

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 2.7 | Impact: 6.4

Affected Packages2 packages

▶NVDlinux/linux_kernel2.6.28 — 2.6.33

▶NVDkvm_qumranet/kvm83

Also affects: Debian Linux 5.0

🔴Vulnerability Details

GHSA

GHSA-h7hj-hjcj-pwpj: The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to↗2022-05-02

▶

GHSA

GHSA-xpcm-5q5j-h76x: The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Pri↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Linux kernel regression↗2010-06-04

▶

Ubuntu

Linux kernel vulnerabilities↗2010-06-03

▶

Red Hat

kvm: emulator privilege escalation IOPL/CPL level check↗2010-02-09

▶

Red Hat

kvm: emulator privilege escalation↗2010-02-09

▶

💬Community

Bugzilla

CVE-2010-0306 kvm: emulator privilege escalation IOPL/CPL level check↗2010-02-01

▶