CVE-2009-2287
Published: 1 July 2009
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.
From the Ubuntu Security Team
Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service.
Notes
Author | Note |
---|---|
jdstrand | code does not exist in qemu-kvm, and is part of the kernel code |
Priority
Status
Package | Release | Status |
---|---|---|
kvm | dapper | Does not exist |
kvm | hardy | Ignored (end of life) |
kvm | intrepid | Ignored (end of life, was needed) |
kvm | jaunty | Ignored (end of life) |
kvm | karmic | Does not exist |
kvm | lucid | Does not exist |
kvm | maverick | Does not exist |
kvm | natty | Does not exist |
kvm | upstream | Released (85+dfsg-4) |
kvm |  | Patches: other: http://sourceforge.net/tracker/?func=detail&atid=893831&aid=2687641&group_id=180599 |
kvm |  | Binaries built from this source package are in Universe and so are supported by the community. |
linux | dapper | Does not exist |
linux | hardy | Released (2.6.24-24.57) |
linux | intrepid | Released (2.6.27-14.37) |
linux | jaunty | Released (2.6.28-14.47) |
linux | karmic | Not vulnerable (2.6.31.1.11) |
linux | lucid | Not vulnerable (2.6.31.1.11) |
linux | maverick | Not vulnerable (2.6.31.1.11) |
linux | natty | Not vulnerable (2.6.31.1.11) |
linux | upstream | Released (2.6.31~rc1) |
linux |  | Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
linux-ec2 | dapper | Does not exist |
linux-ec2 | hardy | Does not exist |
linux-ec2 | intrepid | Does not exist |
linux-ec2 | jaunty | Does not exist |
linux-ec2 | karmic | Not vulnerable (2.6.31.1.11) |
linux-ec2 | lucid | Not vulnerable (2.6.31.1.11) |
linux-ec2 | maverick | Ignored (end of life) |
linux-ec2 | natty | Does not exist |
linux-ec2 | upstream | Released (2.6.31~rc1) |
linux-fsl-imx51 | dapper | Does not exist |
linux-fsl-imx51 | hardy | Does not exist |
linux-fsl-imx51 | karmic | Not vulnerable |
linux-fsl-imx51 | lucid | Not vulnerable |
linux-fsl-imx51 | maverick | Does not exist |
linux-fsl-imx51 | natty | Does not exist |
linux-fsl-imx51 | upstream | Released (2.6.31~rc1) |
linux-lts-backport-maverick | dapper | Does not exist |
linux-lts-backport-maverick | hardy | Does not exist |
linux-lts-backport-maverick | intrepid | Does not exist |
linux-lts-backport-maverick | jaunty | Does not exist |
linux-lts-backport-maverick | karmic | Does not exist |
linux-lts-backport-maverick | lucid | Not vulnerable |
linux-lts-backport-maverick | maverick | Does not exist |
linux-lts-backport-maverick | natty | Does not exist |
linux-lts-backport-maverick | upstream | Released (2.6.31~rc1) |
linux-mvl-dove | dapper | Does not exist |
linux-mvl-dove | hardy | Does not exist |
linux-mvl-dove | karmic | Ignored (end of life) |
linux-mvl-dove | lucid | Not vulnerable |
linux-mvl-dove | maverick | Not vulnerable |
linux-mvl-dove | natty | Does not exist |
linux-mvl-dove | upstream | Released (2.6.31~rc1) |
linux-source-2.6.15 | dapper | Released (2.6.15-54.78) |
linux-source-2.6.15 | hardy | Does not exist |
linux-source-2.6.15 | intrepid | Does not exist |
linux-source-2.6.15 | jaunty | Does not exist |
linux-source-2.6.15 | karmic | Does not exist |
linux-source-2.6.15 | lucid | Does not exist |
linux-source-2.6.15 | maverick | Does not exist |
linux-source-2.6.15 | natty | Does not exist |
linux-source-2.6.15 | upstream | Released (2.6.31~rc1) |
linux-ti-omap4 | dapper | Does not exist |
linux-ti-omap4 | hardy | Does not exist |
linux-ti-omap4 | karmic | Does not exist |
linux-ti-omap4 | lucid | Does not exist |
linux-ti-omap4 | maverick | Not vulnerable |
linux-ti-omap4 | natty | Not vulnerable |
linux-ti-omap4 | upstream | Released (2.6.31~rc1) |
qemu-kvm | dapper | Does not exist |
qemu-kvm | hardy | Does not exist |
qemu-kvm | intrepid | Does not exist |
qemu-kvm | jaunty | Does not exist |
qemu-kvm | karmic | Not vulnerable |
qemu-kvm | lucid | Not vulnerable |
qemu-kvm | maverick | Not vulnerable |
qemu-kvm | natty | Not vulnerable |
qemu-kvm | upstream | Not vulnerable |