CVE-2010-0309 - Vulnerability Details - OpenCVE

The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Kernel
Redhat	Enterprise Linux Rhel Virtualization

Configuration 1 [-]

cpe:2.3:a:linux:kernel:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
kvm-0:83-105.el5_4.22	cpe:/a:redhat:rhel_virtualization:5	RHSA-2010:0088	2010-02-09T00:00:00Z
Red Hat Enterprise Virtualization for RHEL-5
rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1	cpe:/o:redhat:enterprise_linux:5::hypervisor	RHSA-2010:0095	2010-02-09T00:00:00Z

References

Link	Providers
http://secunia.com/advisories/38492
http://secunia.com/advisories/38922
http://www.debian.org/security/2010/dsa-1996
http://www.mail-archive.com/kvm%40vger.kernel.org/msg28002.html
http://www.openwall.com/lists/oss-security/2010/02/02/1
http://www.openwall.com/lists/oss-security/2010/02/02/4
http://www.securityfocus.com/bid/38158
http://www.ubuntu.com/usn/USN-914-1
http://www.vupen.com/english/advisories/2010/0638
https://bugzilla.redhat.com/show_bug.cgi?id=560887
https://nvd.nist.gov/vuln/detail/CVE-2010-0309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095
https://rhn.redhat.com/errata/RHSA-2010-0088.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
https://www.cve.org/CVERecord?id=CVE-2010-0309

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-02-12T19:00:00

Updated: 2024-08-07T00:45:12.089Z

Reserved: 2010-01-12T00:00:00

Link: CVE-2010-0309

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-02-12T19:30:00.627

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0309

Redhat

Severity : Moderate

Publid Date: 2010-01-07T00:00:00Z

Links: CVE-2010-0309 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "38158", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38158"}, {"name": "USN-914-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"name": "ADV-2010-0638", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"name": "RHSA-2010:0088", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"}, {"name": "38922", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38922"}, {"name": "[oss-security] 20100202 Re: CVE request - kvm: cat /dev/port in the guest can cause host DoS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/02/02/4"}, {"name": "DSA-1996", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1996"}, {"name": "oval:org.mitre.oval:def:11095", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887"}, {"name": "[oss-security] 20100202 CVE request - kvm: cat /dev/port in the guest can cause host DoS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/02/02/1"}, {"name": "[kvm] 20100129 KVM: PIT: control word is write-only", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg28002.html"}, {"name": "RHSA-2010:0095", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"}, {"name": "38492", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38492"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:12.089Z"}, "title": "CVE Program Container", "references": [{"name": "38158", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38158"}, {"name": "USN-914-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"name": "ADV-2010-0638", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"name": "RHSA-2010:0088", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"}, {"name": "38922", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38922"}, {"name": "[oss-security] 20100202 Re: CVE request - kvm: cat /dev/port in the guest can cause host DoS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/02/02/4"}, {"name": "DSA-1996", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1996"}, {"name": "oval:org.mitre.oval:def:11095", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887"}, {"name": "[oss-security] 20100202 CVE request - kvm: cat /dev/port in the guest can cause host DoS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/02/02/1"}, {"name": "[kvm] 20100129 KVM: PIT: control word is write-only", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg28002.html"}, {"name": "RHSA-2010:0095", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"}, {"name": "38492", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38492"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0309", "datePublished": "2010-02-12T19:00:00", "dateReserved": "2010-01-12T00:00:00", "dateUpdated": "2024-08-07T00:45:12.089Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8C63AEA-5ECC-4B32-9C77-9F7FFD1AE9E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file."}, {"lang": "es", "value": "La funci\u00f3n pit_ioport_read en la emulaci\u00f3n Programmable Interval Timer (PIT) en i8254.c en KVM 83, no usa adecuadamente la estructura pit_state, lo que permite a invitados del sistema operativo, provocar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue del sistema) al intentar leer el archivo /dev/port."}], "id": "CVE-2010-0309", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-12T19:30:00.627", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38492"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38922"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1996"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg28002.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/02/02/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/02/02/4"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38158"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38492"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg28002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/02/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-914-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0638"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}