11 matches found
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.
...
Arbitrary Code Execution
qemu-kvm-rhev is vulnerable to arbitrary code execution attacks. The vulnerability exists because pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code...
CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150727)
A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...
Linux Kernel 2.6.x KVM 'pit_ioport_read()' Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38038/info The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). Attackers with local access to a guest operating system can exploit this issue to crash th...
CVE-2010-0309
The CVE concerns the pit_ioport_read function in the PIT emulation (i8254.c) of KVM 83, where improper use of the pit_state data structure can be exploited by a guest to trigger a host denial-of-service (host crash or hang) by reading /dev/port. Affected component is KVM's PIT emulation; impact i...
CVE-2010-0309
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file...
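Linux Kernel KVM pit_ioport_read() Local Denial of Service Vulnerability
BUGTRAQ ID: 38038 CVE ID: CVE-2010-0309 The Linux Kernel is the kernel used by the open-source operating system Linux. When the command cat /dev/port is executed on a guest, the host hangs immediately. The cause is that pit_state->channels has three elements and pit_ioport_read uses addr as the index for pit_get_count, so inb(0x43) may read or write other data in kvm_kpit_state. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...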
Linux Kernel 2.6.x - KVM pit_ioport_read() Local Denial of Service
Linux Kernel 2.6.x - KVM pit_ioport_read() Local Denial of Service source: https://www.securityfocus.com/bid/38038/info The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). Attackers with local access to a guest operating system can...
Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service
source: https://www.securityfocus.com/bid/38038/info The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). Attackers with local access to a guest operating system can exploit this issue to crash the host operating system. Successfu...