Bug 568702 (CVE-2010-0430)

Summary: CVE-2010-0430 libspice: Insufficient guest provided memory mappings boundaries validations
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: alexl, apevec, ehabkost, iheim, jrb, kraxel, kreilly, sct, security-response-team, tburke, uril, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-26 16:21:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 568726, 568727, 568728, 568738, 568811    
Bug Blocks:    

Description Petr Matousek 2010-02-26 12:14:00 UTC 
Izik Eidus found a bug in QEMU that allows priviledged guest user to
control the address Cairo library uses to map it's memory and
and therefore the guest can read/write into the whole QEMU address space.
Comment 5 Petr Matousek 2010-06-30 09:29:43 UTC 
Statement:

The CVE-2010-0430 issue was fixed in the kvm packages for Red Hat Enterprise Linux 5 via RHSA-2010:0271, and fixed in the rhev-hypervisor package via RHSA-2010:0476. This CVE was not disclosed at the time the errata were released; therefore, it was not mentioned in them.