Vulnerability Description
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Virtualization Hypervisor | <= 5.4-2.1 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2010-0271.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=568702
- https://rhn.redhat.com/errata/RHSA-2010-0476.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2010-0271.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=568702
- https://rhn.redhat.com/errata/RHSA-2010-0476.htmlVendor Advisory
FAQ
What is CVE-2010-0430?
CVE-2010-0430 is a vulnerability with a CVSS score of 7.4 (HIGH). libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to...
How severe is CVE-2010-0430?
CVE-2010-0430 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0430?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Virtualization Hypervisor.