CVE-2009-4031

Priority
Medium
Description
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in
the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries
to interpret instructions that contain too many bytes to be valid, which
allows guest OS users to cause a denial of service (increased scheduling
latency) on the host OS via unspecified manipulations related to SMP
support.
Ubuntu-Description
It was discovered that KVM did not correctly decode certain guest
instructions. A local attacker in a guest could exploit this to trigger
high scheduling latency in the host, leading to a denial of service.
References
Bugs
Assigned-to
ogasawara
Package
Source: kvm (LP Ubuntu Debian)
Upstream: needs-triage
Package
Upstream: needs-triage
Package
Upstream: released (2.6.32)
Package
Upstream: not-affected
Package
Upstream: needs-triage
Package
Upstream: released (2.6.32)
Package
Source: linux (LP Ubuntu Debian)
Upstream: released (2.6.32)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by eb3c79e64a70fb8f7473e30fa07e89c1ecc2c9bb
Package
Upstream: needs-triage
Package
Upstream: needs-triage
More Information

Updated: 2016-09-21 16:14:47 UTC (commit 11514)