CVE-2010-2784

EUVD-2010-2788
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_virtualization
2.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
dapper
dne
hardy
ignored
jaunty
ignored
karmic
dne
lucid
dne
qemu-kvm
dapper
dne
hardy
dne
jaunty
dne
karmic
ignored
lucid
ignored
Common Weakness Enumeration
References
http://www.spinics.net/lists/kvm/msg39173.html
https://bugzilla.redhat.com/show_bug.cgi?id=619411
https://rhn.redhat.com/errata/RHSA-2010-0622.html
https://rhn.redhat.com/errata/RHSA-2010-0627.html
http://www.spinics.net/lists/kvm/msg39173.html
https://bugzilla.redhat.com/show_bug.cgi?id=619411
https://rhn.redhat.com/errata/RHSA-2010-0622.html
https://rhn.redhat.com/errata/RHSA-2010-0627.html