[kernel-sec-discuss] r1496 - active

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Sep 18 17:06:13 UTC 2009


Author: gilbert-guest
Date: 2009-09-18 17:06:13 +0000 (Fri, 18 Sep 2009)
New Revision: 1496

Added:
   active/CVE-2009-kvm-hypercalls-vulnerability
Log:
new issue

Added: active/CVE-2009-kvm-hypercalls-vulnerability
===================================================================
--- active/CVE-2009-kvm-hypercalls-vulnerability	                        (rev 0)
+++ active/CVE-2009-kvm-hypercalls-vulnerability	2009-09-18 17:06:13 UTC (rev 1496)
@@ -0,0 +1,28 @@
+Candidate: requested on oss-sec
+Description:
+ "So far unprivileged guest callers running in ring 3 can issue, e.g., 
+ MMU hypercalls. Normally, such callers cannot provide any hand-crafted 
+ MMU command structure as it has to be passed by its physical address, 
+ but they can still crash the guest kernel by passing random addresses.
+ .
+ To close the hole, this patch considers hypercalls valid only if issued 
+ from guest ring 0. This may still be relaxed on a per-hypercall base in 
+ the future once required."
+ .
+ This was introduced in v2.6.25-rc1, and fixed in 2.6.31.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/18/1
+ http://patchwork.kernel.org/patch/38926/
+ https://bugzilla.redhat.com/show_bug.cgi?id=524124
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31) [07708c4af1346ab1521b26a202f438366b7bcffd]
+linux-2.6: needed
+2.6.18-etch-security: N/A "introduced in 2.6.25"
+2.6.24-etch-security: N/A "introduced in 2.6.25"
+2.6.26-lenny-security: needed
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
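Review bot: the per-release status lines at the end of this hunk do not line up with the entry's own statement "This was introduced in v2.6.25-rc1, and fixed in 2.6.31." 2.6.18-etch-security and 2.6.24-etch-security are marked N/A "introduced in 2.6.25", but 2.6.15-dapper-security, 2.6.22-gutsy-security and 2.6.24-hardy-security, which are also older than 2.6.25, are left empty. 2.6.27-intrepid-security sits between the introduction and the fix, as 2.6.26-lenny-security does, yet it is empty rather than "needed". Suggest filling these in on the same basis, or adding a line under Notes: saying they are still to be triaged (for instance, if any of those trees carries a KVM backport that changes the answer). Separately, Candidate: and the file name carry no CVE id yet, so a Notes: line recording that the file is to be renamed once the oss-sec request is answered would help whoever picks it up next.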



