Veracode Vulnerability DatabaseVERACODE:24362Information Disclosure
0.0004 Low
EPSS
Percentile
5.1%
kvm is vulnerable to information disclosure. The vulnerability exists as a data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM was not initialized properly before being copied to user-space. A privileged host user with access to â/dev/kvmâ could use this flaw to leak kernel stack memory to user-space.
References
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/index.html
osvdb.org/70377
secunia.com/advisories/42890
www.openwall.com/lists/oss-security/2011/01/05/1
www.openwall.com/lists/oss-security/2011/01/05/9
www.openwall.com/lists/oss-security/2011/01/06/3
www.redhat.com/support/errata/RHSA-2011-0007.html
www.redhat.com/support/errata/RHSA-2011-0028.html
www.securityfocus.com/bid/45676
www.vupen.com/english/advisories/2011/0123
access.redhat.com/errata/RHSA-2011:0028
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4525
exchange.xforce.ibmcloud.com/vulnerabilities/64519
Related
