CVE-2010-0309

Priority
Medium
Description
The pit_ioport_read function in the Programmable Interval Timer (PIT)
emulation in i8254.c in KVM 83 does not properly use the pit_state data
structure, which allows guest OS users to cause a denial of service (host
OS crash or hang) by attempting to read the /dev/port file.
Ubuntu-Description
Marcelo Tosatti discovered that the Linux kernel's hardware virtualization
did not correctly handle reading the /dev/port special device. A local
attacker in a guest operating system could issue a specific read that would
cause the host system to crash, leading to a denial of service.
References
Package
Upstream:not-affected
Patches:
Package
Upstream:needed
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needed
Package
Upstream:needs-triage
Package
Upstream:needed
Package
Source: linux (LP Ubuntu Debian)
Upstream:needed
Patches:
Proposed:http://www.mail-archive.com/kvm@vger.kernel.org/msg28002.html
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:37:49 UTC (commit 9756)