CVE-2010-0298
Published: 12 February 2010
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.
From the Ubuntu Security Team
It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS.
Notes
Author | Note |
---|---|
kees | access to IO/MMIO requires elevated privileges, which already allows for guest OS disruption. No working upstream solution yet. |
Priority
Status
Package | Release | Status |
---|---|---|
kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needed
|
|
Binaries built from this source package are in Universe and so are supported by the community. | ||
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.6.24-28.70)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(2.6.28-19.61)
|
|
karmic |
Released
(2.6.31-22.60)
|
|
lucid |
Released
(2.6.32-22.35)
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Needed
|
|
Patches: vendor: https://bugzilla.redhat.com/attachment.cgi?id=386981&action=diff |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Released
(2.6.31-307.15)
|
|
lucid |
Released
(2.6.32-22.35)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
upstream |
Needed
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-112.28)
|
|
lucid |
Released
(2.6.31-608.14)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Not vulnerable
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needed
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-214.28)
|
|
lucid |
Released
(2.6.32-205.18)
|
|
maverick |
Not vulnerable
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Needs triage
|