CVE-2010-0298
Published: 12 February 2010
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.
From the Ubuntu security team
It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(reached end-of-life)
|
|
| intrepid |
Needed
(reached end-of-life)
|
|
| jaunty |
Ignored
(reached end-of-life)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Needed
|
|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.6.24-28.70)
|
|
| intrepid |
Ignored
(was needed [reached end-of-life] now end-of-life)
|
|
| jaunty |
Released
(2.6.28-19.61)
|
|
| karmic |
Released
(2.6.31-22.60)
|
|
| lucid |
Released
(2.6.32-22.35)
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| upstream |
Needed
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Released
(2.6.31-307.15)
|
|
| lucid |
Released
(2.6.32-22.35)
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| natty |
Does not exist
|
|
| upstream |
Needed
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-112.28)
|
|
| lucid |
Released
(2.6.31-608.14)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Needed
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-214.28)
|
|
| lucid |
Released
(2.6.32-205.18)
|
|
| maverick |
Not vulnerable
|
|
| natty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| upstream |
Needs triage
|
Notes
| Author | Note |
|---|---|
| kees | access to IO/MMIO requires elevated privileges, which already allows for guest OS disruption. No working upstream solution yet. |