Lucene search

[email protected]CVE-2010-0309

HistoryFeb 12, 2010 - 7:30 p.m.

CVE-2010-0309

2010-02-1219:30:00

CWE-16

[email protected]

web.nvd.nist.gov

cve-2010-0309

pit_ioport_read

kvm 83

denial of service

security vulnerability

nvd

6.1 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.

CPENameOperatorVersion
linux:kernellinux kerneleq*

CPE	Name	Operator	Version
linux:kernel	linux kernel	eq	*

References

secunia.com/advisories/38492

secunia.com/advisories/38922

www.debian.org/security/2010/dsa-1996

www.mail-archive.com/kvm%40vger.kernel.org/msg28002.html

www.openwall.com/lists/oss-security/2010/02/02/1

www.openwall.com/lists/oss-security/2010/02/02/4

www.securityfocus.com/bid/38158

www.ubuntu.com/usn/USN-914-1

www.vupen.com/english/advisories/2010/0638

bugzilla.redhat.com/show_bug.cgi?id=560887

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095

rhn.redhat.com/errata/RHSA-2010-0088.html

rhn.redhat.com/errata/RHSA-2010-0095.html

6.1 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2010-0309

seebug1 ubuntucve1 prion1 cbl_mariner2 nessus7 debian2 securityvulns4 centos1 redhat2 openvas6 osv2 oraclelinux2 ubuntu1