9 matches found
Arbitrary Code Execution
qemu-kvm-rhev is vulnerable to arbitrary code execution attacks. The vulnerability exists because pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code...
CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
CVE-2015-3214
CVE-2015-3214 affects QEMU prior to 2.3.1 (pit_ioport_read in i8254.c) and Linux kernel prior to 2.6.33. The flaw does not distinguish between read and write lengths, potentially allowing a privileged guest user (with PIT emulation enabled) to trigger an invalid index and cause arbitrary host cod...
UBUNTU-CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
CVE-2011-4622
CVE-2011-4622 affects KVM (arch/x86/kvm/i8254.c) where create_pit_timer mishandles PIT IRQs if an irqchip is not available, allowing a local user to trigger a denial-of-service via NULL pointer dereference by starting a PIT timer. The vulnerability is referenced in MiracleLinux AXSA advisories as...
Linux kernel 2.6.x KVM 'create_pit_timer()' Function Local Denial of Service Vulnerability
Bugtraq ID: 51172 CVE ID: CVE-2011-4622 Linux is an open-source operating system. User space can create a PIT but forget to set up the irqchips; in that case a local attacker can crash the host via PIT IRQs: BUG: unable to handle kernel NULL pointer dereference at 0000000000000128 IP: ffffffffa10f6280 kvm_set_irq+0x30/0x170 kvm ... Call Trace: ffffffffa11228c1 pit_do_work+0x51/0xd0 kvm...
Design/Logic Flaw
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file...
AZL-34841 CVE-2010-0309 affecting package kernel for versions less than 6.6.35.1-4
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file...