CVE-2009-4031

Priority
Medium
Description
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in
the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries
to interpret instructions that contain too many bytes to be valid, which
allows guest OS users to cause a denial of service (increased scheduling
latency) on the host OS via unspecified manipulations related to SMP
support.
Ubuntu-Description
It was discovered that KVM did not correctly decode certain guest
instructions. A local attacker in a guest could exploit this to trigger
high scheduling latency in the host, leading to a denial of service.
References
Bugs
Assigned-to
ogasawara
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:released (2.6.32)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:released (2.6.32)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.32)
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-27.65)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commit;h=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:24 UTC (commit 5347)