CVE-2010-2784

Published: Aug 24, 2010Modified: Apr 29, 2026

6.6

Vector

AV:L/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 2.7 / Impact: 10.0

Source: NVD

Description

The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

Affected (2)

Products: Redhat: Enterprise Virtualization, Kvm

2 products

Enterprise Virtualization

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Virtualization	Version 2.2
Redhat Kvm	Version 83

Related CWEs

References (8)

http://www.spinics.net/lists/kvm/msg39173.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=619411

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2010-0622.html

Source: secalert@redhat.com

PatchVendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0627.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.spinics.net/lists/kvm/msg39173.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=619411

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2010-0622.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0627.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.