CVE-2010-0431

EPSS 0.05%
Published 24.08.2010 18:00:38
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Virtualization Version2.2

Redhat ≫ Kvm Version83

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.128

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.6	2.7	10	AV:L/AC:M/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://rhn.redhat.com/errata/RHSA-2010-0622.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=568809

Patch

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0627.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-0431

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0431

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0431

EUVD