CVE-2009-3638 (retired)

Priority
Description
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in
arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4
allows local users to have an unspecified impact via a
KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
Ubuntu-Description
David Wagner discovered that KVM did not correctly bounds-check CPUID
entries. A local attacker could exploit this to crash the system or
possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected.
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:released (2.6.32~rc4)
Package
Upstream:released (2.6.32~rc4)
Package
Upstream:released (2.6.32~rc4)
Package
Upstream:released (2.6.32~rc4)
Package
Upstream:released (2.6.32~rc4)
Package
Upstream:released (2.6.32~rc4)
Package
Upstream:not-affected
More Information

Updated: 2019-03-26 11:49:20 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)