CVE-2010-0431

CVE-2010-0431 affects QEMU-KVM (RHEV/kvm) where the host did not fully validate guest QXL driver pointers, enabling a privileged guest? user to crash the host (denial of service) or potentially escalate privileges. Public data show Red Hat/RHEV hypervisor updates (RHSA-2010-0622) and KVM updates ...

CVE-2010-0429

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service guest OS crash ...

CVE-2010-0435

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

libspice: Insufficient guest provided pointers validation

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or...

libspice: Relying on guest provided data structures to indicate memory allocation

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service guest OS crash ...

qemu: Insufficient guest provided pointers validation

QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or possibly gain privileg...

kvm: vmx null pointer dereference

The Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service NULL pointer dereference and host OS crash via vectors related to instruction emulation...

Important: Red Hat Security Advisory: rhev-hypervisor security and bug fix update

Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

qemu: Insufficient guest provided pointers validation

QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or possibly gain privileg...

libspice: Relying on guest provided data structures to indicate memory allocation

libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service guest OS crash ...

RedHat Update for kernel RHSA-2010:0610-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2010:0610-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CentOS 5 : kernel (CESA-2010:0610)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

CentOS 5 : libvirt (CESA-2010:0615)

Updated libvirt packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

libvirt security update

CentOS Errata and Security Advisory CESA-2010:0615 Updated libvirt packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVS...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Low: Red Hat Security Advisory: libvirt security and bug fix update

Updated libvirt packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

Design/Logic Flaw

Virtual Desktop Server Manager VDSM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...

CVE-2010-2223

Virtual Desktop Server Manager VDSM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...

CVE-2010-2223

Virtual Desktop Server Manager VDSM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...

CVE-2010-2223

CVE-2010-2223 affects Red Hat Enterprise Virtualization Hypervisor (RHEV-H) with Virtual Desktop Server Manager (VDSM). The issue: when removing a VM’s data, VDSM did not securely zero/delete the back-end data, allowing a guest OS user to examine disk blocks from deleted VMs and potentially discl...