CVE-2010-0298 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-0298 PUBLISHED CVSS 6.5 MEDIUM

The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.

EPSS 0.54% · 67.4th percentile

Risk Scores

CVSS v2.0

6.5

EPSS Score

0.54%

67.4th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	5.0
n/a	n/a	n/a
linux	linux_kernel	2.6.28

Timeline

Feb 12, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

38158 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=559091 url
oval:org.mitre.oval:def:11335 vdb
RHSA-2010:0088 vendor-advisory
DSA-1996 vendor-advisory
RHSA-2010:0095 vendor-advisory
38492 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2010-0298 advisory

Open in Interactive Console →