387 matches found
kvm: cat /dev/port in guest cause the host hang
The pitioportread function in the Programmable Interval Timer PIT emulation in i8254.c in KVM 83 does not properly use the pitstate data structure, which allows guest OS users to cause a denial of service host OS crash or hang by attempting to read the /dev/port file...
kvm: emulator privilege escalation IOPL/CPL level check
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing SMP, does not use the Current Privilege Level CPL and I/O Privilege Level IOPL to restrict instruction execution, which allows guest OS users to cause a denial of service guest OS crash or gain privileges on the...
kvm: emulator privilege escalation
The x86 emulator in KVM 83 does not use the Current Privilege Level CPL and I/O Privilege Level IOPL in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service guest OS crash or gain privileges on the guest OS by leveraging access to a 1 IO...
PT-2009-6214 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.32-rc8-next-20091125 Description: The issue is related to the x86 emulator in the KVM subsystem of the Linux kernel. It allows guest OS users to cause a denial of service, specifically increased scheduling...
PT-2009-5912 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.32-rc1 Description: The issue is related to the KVM subsystem in the Linux kernel, where the update cr8 intercept function does not properly handle the absence of an Advanced Programmable Interrupt Controlle...
DEBIAN-CVE-2008-4539
Heap-based buffer overflow in the Cirrus VGA implementation in 1 KVM before kvm-82 and 2 QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorre...
DEBIAN-CVE-2008-2382
The protocolclientmsg function in vnc.c in the VNC server in 1 Qemu 0.9.1 and earlier and 2 KVM kvm-79 and earlier allows remote attackers to cause a denial of service infinite loop via a certain message...