CVE-2010-0306
CWE-264Published: February 12, 2010· Updated: Jun 16, 2026
Official Description
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
Technical Analysis
CVE-2010-0306 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (16)
Quick Facts
Related CVEs (CWE-264)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2010-0306 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts