[kernel-sec-discuss] r1610 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Nov 16 23:49:55 UTC 2009


Author: jmm
Date: 2009-11-16 23:49:55 +0000 (Mon, 16 Nov 2009)
New Revision: 1610

Added:
   retired/CVE-2009-3290
Removed:
   active/CVE-2009-3290
Log:
retire issue


Deleted: active/CVE-2009-3290
===================================================================
--- active/CVE-2009-3290	2009-11-16 23:49:33 UTC (rev 1609)
+++ active/CVE-2009-3290	2009-11-16 23:49:55 UTC (rev 1610)
@@ -1,27 +0,0 @@
-Candidate: CVE-2009-3290 
-Description:
- "So far unprivileged guest callers running in ring 3 can issue, e.g., 
- MMU hypercalls. Normally, such callers cannot provide any hand-crafted 
- MMU command structure as it has to be passed by its physical address, 
- but they can still crash the guest kernel by passing random addresses.
- .
- To close the hole, this patch considers hypercalls valid only if issued 
- from guest ring 0. This may still be relaxed on a per-hypercall base in 
- the future once required."
- .
- This was introduced in v2.6.25-rc1, and fixed in 2.6.31
- jmm> The oss-security posting is wrong, this was fixed in 2.6.31-1
-References:
- http://www.openwall.com/lists/oss-security/2009/09/18/1
- http://patchwork.kernel.org/patch/38926/
- https://bugzilla.redhat.com/show_bug.cgi?id=524124
-Ubuntu-Description:
-Notes:
- brad spengler has already developed working exploit code for this, so this is 
- high-urgency
-Bugs:
-upstream: released (2.6.32-rc1) [07708c4af1346ab1521b26a202f438366b7bcffd]
-linux-2.6: released (2.6.31-1)
-2.6.18-etch-security: N/A "introduced in 2.6.25"
-2.6.24-etch-security: N/A "introduced in 2.6.25"
-2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/x86/kvm-disallow-hypercalls-for-guest-callers-in-rings-gt-0.patch]
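Review bot: The removal from active/ rests on the status block at the end of this hunk, and that block only covers upstream, linux-2.6 and the etch and lenny branches; the Ubuntu-Description field is empty and there are no Ubuntu status lines at all. Every line that is present reads either "released" or N/A "introduced in 2.6.25", so retiring is consistent with what is tracked. If this file is also meant to track Ubuntu, confirm nothing is pending there before it leaves active/, or drop the empty Ubuntu-Description field so the record does not look half-filled.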

Copied: retired/CVE-2009-3290 (from rev 1609, active/CVE-2009-3290)
===================================================================
--- retired/CVE-2009-3290	                        (rev 0)
+++ retired/CVE-2009-3290	2009-11-16 23:49:55 UTC (rev 1610)
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-3290 
+Description:
+ "So far unprivileged guest callers running in ring 3 can issue, e.g., 
+ MMU hypercalls. Normally, such callers cannot provide any hand-crafted 
+ MMU command structure as it has to be passed by its physical address, 
+ but they can still crash the guest kernel by passing random addresses.
+ .
+ To close the hole, this patch considers hypercalls valid only if issued 
+ from guest ring 0. This may still be relaxed on a per-hypercall base in 
+ the future once required."
+ .
+ This was introduced in v2.6.25-rc1, and fixed in 2.6.31
+ jmm> The oss-security posting is wrong, this was fixed in 2.6.31-1
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/18/1
+ http://patchwork.kernel.org/patch/38926/
+ https://bugzilla.redhat.com/show_bug.cgi?id=524124
+Ubuntu-Description:
+Notes:
+ brad spengler has already developed working exploit code for this, so this is 
+ high-urgency
+Bugs:
+upstream: released (2.6.32-rc1) [07708c4af1346ab1521b26a202f438366b7bcffd]
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "introduced in 2.6.25"
+2.6.24-etch-security: N/A "introduced in 2.6.25"
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/x86/kvm-disallow-hypercalls-for-guest-callers-in-rings-gt-0.patch]
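Review bot: The "fixed in 2.6.31" sentence in the Description disagrees with the "upstream: released (2.6.32-rc1)" status line further down in the same file, and the jmm> comment right after it resolves this only implicitly by quoting 2.6.31-1, which the "linux-2.6: released (2.6.31-1)" line shows to be the package version rather than an upstream release. Since the retired copy is the long-term record, it would help to reword that sentence so it separates the two, for example stating that the upstream fix is in 2.6.32-rc1 and that linux-2.6 carries it as of 2.6.31-1. Smaller points: the Notes entry still labels the issue high-urgency although every tracked branch is now released or N/A, and the Candidate line keeps its trailing space.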



