CVE-2009-4004
Publication date 20 November 2009
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 9.10 karmic |
Not affected
|
9.04 jaunty |
Not affected
|
|
8.10 intrepid |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper | Not in release | |
linux-source-2.6.15 | 9.10 karmic | Not in release |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper |
Not affected
|
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |