USN-776-1 -- kvm vulnerabilitiesID: oval:org.secpod.oval:def:700423 | Date: (C)2011-05-13 (M)2023-11-09 |
Class: PATCH | Family: unix |
Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM"s VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM"s Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM"s VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service
Platform: |
Ubuntu 8.10 |
Ubuntu 8.04 |