Description
A flaw was found in the Programmable Interval Timer (PIT) emulation. Access
to the internal data structure pit_state, which represents the data state
of the emulated PIT, was not properly validated in the pit_ioport_read()
function. A privileged guest user could use this flaw to crash the host.
(CVE-2010-0309)
A flaw was found in the USB passthrough handling code. A specially-crafted
USB packet sent from inside a guest could be used to trigger a buffer
overflow in the usb_host_handle_control() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
cause a denial of service (guest hang or crash) or possibly escalate their
privileges within the host. (CVE-2010-0297)