
22 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000540)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000540 advisory. Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a...

CVSS 4.7, AI score 6.4, EPSS 0.00041
Exploits: 0, References: 15

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002442)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002442 advisory. Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a...

CVSS 4.7, AI score 6.4, EPSS 0.00041
Exploits: 0, References: 15

SUSE CVE
added 2023/02/15 6:0 a.m., 1 view

SUSE CVE-2010-0309

The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file...

CVSS 6.8, AI score 6.7, EPSS 0.00765
Exploits: 1, References: 4

Microsoft CVE
added 2020/09/25 7:0 a.m., 3 views

The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.

...

CVSS 6.8, AI score 7, EPSS 0.00765
Exploits: 1

Veracode
added 2019/01/15 9:6 a.m., 33 views

Arbitrary Code Execution

qemu-kvm-rhev is vulnerable to arbitrary code execution attacks. The vulnerability exists as the pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code...

CVSS 6.9, AI score 6.5, EPSS 0.01593
Exploits: 1, References: 24, Affected Software: 1

Lenovo
added 2017/01/23 12:0 a.m., 76 views

QEMU i8254 PIT Emulation Bug

Lenovo Security Advisory: LEN-2015-075 Potential Impact: Escalation of Privileges Severity: High Summary: A vulnerability was reported in QEMU where a local user on the guest system could potentially obtain elevated privileges on the target host system. This vulnerability was reported to Red Hat...

CVSS 6.9, AI score 6.6, EPSS 0.01593
Exploits: 1

Tenable Nessus
added 2016/06/17 12:0 a.m., 239 views

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)

qemu was updated to fix 37 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avo...

CVSS 9.8, AI score 6.5, EPSS 0.08407
Exploits: 4, References: 114

Tenable Nessus
added 2015/09/03 12:0 a.m., 45 views

Debian DSA-3348-1 : qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3214 Matt Tait of Google's Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to...

CVSS 9.3, AI score 8.1, EPSS 0.12942
Exploits: 2, References: 20

Tenable Nessus
added 2015/09/02 12:0 a.m., 36 views

Fedora 21 : qemu-2.1.3-9.fc21 (2015-13404)

Fix crash in qemu_spice_create_display bz 1163047; CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path bz 1230536; CVE-2015-3214: i8254: out-of-bounds memory access bz 1243728; CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access bz 1247141; CVE-2015-5745: buffer overflow...

CVSS 9.3, AI score 7.3, EPSS 0.18024
Exploits: 2, References: 11

Cvelist
added 2015/08/31 10:0 a.m., 27 views

CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...

AI score 6.2, EPSS 0.01593
Exploits: 1, References: 17

CVE
added 2015/08/31 10:0 a.m., 170 views

CVE-2015-3214

CVE-2015-3214 affects QEMU prior to 2.3.1 (pit_ioport_read in i8254.c) and Linux kernel prior to 2.6.33. The flaw does not distinguish between read and write lengths, potentially allowing a privileged guest user (with PIT emulation enabled) to trigger an invalid index and cause arbitrary host cod...

CVSS 6.9, AI score 6.1, EPSS 0.01593
Exploits: 1, References: 17, Affected Software: 2

RedHat Linux
added 2015/07/28 5:50 p.m., 3 views

qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function

An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code o...

CVSS 6.9, AI score 7.7, EPSS 0.01593
Exploits: 1, References: 4

RedHat Linux
added 2015/07/27 12:59 p.m., 3 views

qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function

An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code o...

CVSS 6.9, AI score 7.7, EPSS 0.01593
Exploits: 1, References: 4

OSV
added 2015/06/17 12:0 a.m., 0 views

UBUNTU-CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...

CVSS 6.9, AI score 7.3, EPSS 0.01593
Exploits: 1, References: 4

UbuntuCve
added 2015/06/17 12:0 a.m., 26 views

CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...

CVSS 6.9, AI score 7.2, EPSS 0.01593
Exploits: 1, References: 3

RedHat Linux
added 2012/03/06 6:34 p.m., 3 views

kernel: kvm: pit timer with no irqchip crashes the system

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NUL...

CVSS 4.9, AI score 6.7, EPSS 0.0005
Exploits: 2, References: 4

CVE
added 2012/01/27 3:0 p.m., 86 views

CVE-2011-4622

CVE-2011-4622 affects KVM (arch/x86/kvm/i8254.c) where create_pit_timer mishandles PIT IRQs if an irqchip is not available, allowing a local user to trigger a denial-of-service via NULL pointer dereference by starting a PIT timer. The vulnerability is referenced in MiracleLinux AXSA advisories as...

CVSS 4.9, AI score 6.4, EPSS 0.0005
Exploits: 2, References: 8, Affected Software: 1

seebug.org
added 2011/12/24 12:0 a.m., 43 views

Linux kernel 2.6.x KVM 'create_pit_timer()' function local denial of service vulnerability

Bugtraq ID: 51172 CVE ID: CVE-2011-4622 Linux is an open-source operating system. Userspace can create a PIT but forget to set up the irqchips; in that case a local attacker can crash the host through PIT IRQs: BUG: unable to handle kernel NULL pointer dereference at 0000000000000128 IP: ffffffffa10f6280 kvm_set_irq+0x30/0x170 kvm ... Call Trace: ffffffffa11228c1 pit_do_work+0x51/0xd0 kvm...

CVSS 4.9, AI score 0.5, EPSS 0.0005
Exploits: 2

OSV
added 2010/02/12 7:30 p.m., 1 view

AZL-6509 CVE-2010-0309 affecting package kernel for versions less than 5.10.78.1-1

The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file...

CVSS 6.8, AI score 5.7, EPSS 0.00765
Exploits: 1, References: 1

Prion
added 2010/02/12 7:30 p.m., 21 views

Design/Logic Flaw

The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file...

CVSS 6.8, AI score 6.7, EPSS 0.00765
Exploits: 1, References: 13