Executive Summary

Information
Name: CVE-2010-0419
Vendor: Cve
First vendor Publication: 2010-03-05
Last vendor Modification: 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score: 4.4
Cvss Impact Score: 6.4
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0419

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10139
 
Oval ID: oval:org.mitre.oval:def:10139
Title: The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Description: The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0419
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18623
 
Oval ID: oval:org.mitre.oval:def:18623
Title: DSA-2010-1 kvm - several vulnerabilities
Description: Several local vulnerabilities have been discovered in kvm, a full virtualization system.
Family: unix Class: patch
Reference(s): DSA-2010-1
CVE-2010-0298
CVE-2010-0306
CVE-2010-0309
CVE-2010-0419
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22115
 
Oval ID: oval:org.mitre.oval:def:22115
Title: RHSA-2010:0126: kvm security and bug fix update (Important)
Description: The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Family: unix Class: patch
Reference(s): RHSA-2010:0126-01
CESA-2010:0126
CVE-2009-3722
CVE-2010-0419
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23079
 
Oval ID: oval:org.mitre.oval:def:23079
Title: ELSA-2010:0126: kvm security and bug fix update (Important)
Description: The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Family: unix Class: patch
Reference(s): ELSA-2010:0126-01
CVE-2009-3722
CVE-2010-0419
Version: 13
Platform(s): Oracle Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27791
 
Oval ID: oval:org.mitre.oval:def:27791
Title: DEPRECATED: ELSA-2010-0126 -- kvm security and bug fix update (important)
Description:
[kvm-83-105.0.1.el5_4.27]
- Add kvm-add-oracle-workaround-for-libvirt-bug.patch
[kvm-83-105.el5_4.27]
- kvm-kernel-KVM-VMX-Check-cpl-before-emulating-debug-register-ac.patch [bz#563516]
- Resolves: bz#563516 (KVM: Check cpl before emulating debug register access [rhel-5.4.z])
[kvm-83-105.el5_4.26]
- kvm-kernel-KVM-Don-t-check-access-permission-when-loading-segme.patch [bz#563464]
- kvm-kernel-KVM-Disable-move-to-segment-registers-and-jump-far-i.patch [bz#563464]
- Resolves: bz#563464 (EMBARGOED CVE-2010-0419 kvm: emulator privilege escalation segment selector check [rhel-5.4.z])
[kvm-83-105.el5_4.25]
- kvm-virtio-blk-Fix-reads-turned-into-writes-after-read-e.patch [bz#562776]
- kvm-virtio-blk-Handle-bdrv_aio_read-write-NULL-return.patch [bz#562776]
- Resolves: bz#562776 (Guest image corruption after RHEV-H update to 5.4-2.1.3.el5_4rhev2_1)
[kvm-83-105.el5_4.24]
- Apply bz#561022 patches again (undo the reverts from kvm-83-105.el5_4.23)
- kvm-qemu-add-routines-for-atomic-16-bit-accesses-take-2.patch [bz#561022]
- kvm-qemu-virtio-atomic-access-for-index-values-take-2.patch [bz#561022]
- Resolves: bz#561022 (QEMU terminates without warning with virtio-net and SMP enabled)
[kvm-83-105.el5_4.23]
- Revert bz#561022 patches by now, until they get better testing
- kvm-Revert-qemu-virtio-atomic-access-for-index-values.patch [bz#561022]
- kvm-Revert-qemu-add-routines-for-atomic-16-bit-accesses.patch [bz#561022]
- Related: bz#561022 (QEMU terminates without warning with virtio-net and SMP enabled)
Family: unix Class: patch
Reference(s): ELSA-2010-0126
CVE-2009-3722
CVE-2010-0419
Version: 4
Platform(s): Oracle Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7147
 
Oval ID: oval:org.mitre.oval:def:7147
Title: DSA-2010 kvm -- privilege escalation/denial of service
Description: Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to denial of service a guest or gain escalated privileges with the guest. Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. Paolo Bonzini found a bug in KVM that can be used to bypass proper permission checking while loading segment selectors. This potentially allows privileged guest users to execute privileged instructions on the host system.
Family: unix Class: patch
Reference(s): DSA-2010
CVE-2010-0298
CVE-2010-0306
CVE-2010-0309
CVE-2010-0419
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): kvm
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1

OpenVAS Exploits

Date Description
2010-06-07 Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1
File : nvt/gb_ubuntu_USN_947_1.nasl
2010-06-07 Name : Ubuntu Update for linux regression USN-947-2
File : nvt/gb_ubuntu_USN_947_2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62845 KVM 83 x86 Emulator SMP Segment Register Selector Local Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-03-04 IAVM : 2010-A-0037 - Multiple Vulnerabilities in Linux Kernel
Severity : Category I - VMSKEY : V0022704

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0126.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0126.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100301_kvm_on_SL5_4.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2010.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0126.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/38467
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=563463
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2010-0126.html
SECTRACK http://securitytracker.com/id?1023663
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/56662

Alert History

Date Information
2021-05-04 12:11:06
  • Multiple Updates
2021-04-22 01:11:39
  • Multiple Updates
2020-05-23 00:25:14
  • Multiple Updates
2017-09-19 09:23:38
  • Multiple Updates
2017-08-17 09:22:54
  • Multiple Updates
2016-04-26 19:33:30
  • Multiple Updates
2014-02-17 10:53:40
  • Multiple Updates
2013-11-11 12:38:37
  • Multiple Updates
2013-05-10 23:17:26
  • Multiple Updates