CVE-2010-0431

NameCVE-2010-0431
DescriptionQEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u23fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kvmsource(unstable)(not affected)
qemu-kvmsource(unstable)(not affected)

Notes

- qemu-kvm <not-affected> (QXL support not yet present in Debian packages)
- kvm <not-affected> (QXL support not yet present in Debian packages)

Search for package or bug name: Reporting problems