CVE-2010-0297 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-0297 PUBLISHED CVSS 7.199999809265137 HIGH

Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

EPSS 0.09% · 24.8th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.09%

24.8th percentile

Affected Products

Vendor	Product	Versions
qemu	qemu	0.10.5, 0, 0.1.0
n/a	n/a	n/a

Timeline

Feb 12, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

38158 vdb
[kvm] 20090721 Re: KVM crashes when using certain USB device mailing-list
[oss-security] 20100204 Re: KVM possible security issues fixed mailing-list
[kvm] 20090702 KVM crashes when using certain USB device mailing-list
RHSA-2010:0088 vendor-advisory
kernel-usb-bo(56194) vdb
[kvm] 20090721 Re: KVM crashes when using certain USB device mailing-list
https://bugzilla.redhat.com/show_bug.cgi?id=557025 url
oval:org.mitre.oval:def:11786 vdb
[oss-security] 20100202 KVM possible security issues fixed mailing-list
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f url
http://wiki.qemu.org/ChangeLog url
https://nvd.nist.gov/vuln/detail/CVE-2010-0297 advisory
http://www.mail-archive.com/kvm@vger.kernel.org/msg18447.html url
http://www.mail-archive.com/kvm@vger.kernel.org/msg19581.html url
http://www.mail-archive.com/kvm@vger.kernel.org/msg19596.html url

Open in Interactive Console →