CVE-2010-2784

CWE-264 | 5 documents | 5 sources
Severity
6.6 MEDIUM
EPSS
0.0%
top 85.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 24
Latest update: May 17

Description

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 2.7 | Impact: 10.0

Affected Packages: 2 packages

Patches

🔴Vulnerability Details

2
GHSA
GHSA-46g8-g627-3wh5: The subpage MMIO initialization functionality in the subpage_register function in exec | 2022-05-17
CVEList
CVE-2010-2784: The subpage MMIO initialization functionality in the subpage_register function in exec | 2010-08-24

📋Vendor Advisories

1
Red Hat
qemu: insufficient constraints checking in exec.c:subpage_register() | 2010-07-28

💬Community

1
Bugzilla
CVE-2010-2784 qemu: insufficient constraints checking in exec.c:subpage_register() | 2010-07-29