6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.1%
The subpage MMIO initialization functionality in the subpage_register
function in exec.c in QEMU-KVM, as used in the Hypervisor (aka
rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM
83, does not properly select the index for access to the callback array,
which allows guest OS users to cause a denial of service (guest OS crash)
or possibly gain privileges via unspecified vectors.