[kernel-sec-discuss] r1496 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Sep 18 17:06:13 UTC 2009
Author: gilbert-guest
Date: 2009-09-18 17:06:13 +0000 (Fri, 18 Sep 2009)
New Revision: 1496
Added:
active/CVE-2009-kvm-hypercalls-vulnerability
Log:
new issue
Added: active/CVE-2009-kvm-hypercalls-vulnerability
===================================================================
--- active/CVE-2009-kvm-hypercalls-vulnerability (rev 0)
+++ active/CVE-2009-kvm-hypercalls-vulnerability 2009-09-18 17:06:13 UTC (rev 1496)
@@ -0,0 +1,28 @@
+Candidate: requested on oss-sec
+Description:
+ "So far unprivileged guest callers running in ring 3 can issue, e.g.,
+ MMU hypercalls. Normally, such callers cannot provide any hand-crafted
+ MMU command structure as it has to be passed by its physical address,
+ but they can still crash the guest kernel by passing random addresses.
+ .
+ To close the hole, this patch considers hypercalls valid only if issued
+ from guest ring 0. This may still be relaxed on a per-hypercall base in
+ the future once required."
+ .
+ This was introduced in v2.6.25-rc1, and fixed in 2.6.31.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/18/1
+ http://patchwork.kernel.org/patch/38926/
+ https://bugzilla.redhat.com/show_bug.cgi?id=524124
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31) [07708c4af1346ab1521b26a202f438366b7bcffd]
+linux-2.6: needed
+2.6.18-etch-security: N/A "introduced in 2.6.25"
+2.6.24-etch-security: N/A "introduced in 2.6.25"
+2.6.26-lenny-security: needed
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
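Review bot: The status lines for 2.6.15-dapper-security, 2.6.22-gutsy-security and 2.6.24-hardy-security are left blank, although the Description states the issue was introduced in v2.6.25-rc1. By the same reasoning used for the two etch entries, these could be marked N/A "introduced in 2.6.25", which would leave 2.6.27-intrepid-security as the only Ubuntu tree still to be triaged. The Candidate field and the file name (CVE-2009-kvm-hypercalls-vulnerability) are placeholders, so the file will need renaming and the Candidate line updating once the oss-sec request is answered. The Description also quotes the patch text without saying where the quote comes from; a short attribution to the patchwork entry listed under References would make that clear.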