[kernel-sec-discuss] r1500 - active

[Michael Gilbert]

Author: gilbert-guest
Date: 2009-09-25 17:12:03 +0000 (Fri, 25 Sep 2009)
New Revision: 1500

Added:
   active/CVE-2009-potential-priviledge-escalation-in-kvm-vmx
Modified:
   active/CVE-2009-3234
Log:
new issue and some updated info

Modified: active/CVE-2009-3234
===================================================================
--- active/CVE-2009-3234	2009-09-23 18:25:08 UTC (rev 1499)
+++ active/CVE-2009-3234	2009-09-25 17:12:03 UTC (rev 1500)
@@ -7,9 +7,10 @@
 Ubuntu-Description:
 Notes:
  kernel/perf_counter.c was introduced in commit 0793a61d (v2.6.31-rc1)
+ brad spengler has working exploit code for this one, so high-urgency
 Bugs:
-upstream: pending (2.6.32-rc2) [b3e62e3]
-linux-2.6: needed
+upstream: released (2.6.31.1) [986ddf533c1dd6852196182084aefe1ca9eda34e], pending (2.6.32-rc2) [b3e62e3]
+linux-2.6: N/A "introduced in 2.6.31-rc1; recheck when 2.6.31 enters unstable"
 2.6.18-etch-security: N/A "vulnerable code not present"
 2.6.24-etch-security: N/A "vulnerable code not present"
 2.6.26-lenny-security: N/A "vulnerable code not present"

Added: active/CVE-2009-potential-priviledge-escalation-in-kvm-vmx
===================================================================
--- active/CVE-2009-potential-priviledge-escalation-in-kvm-vmx	                        (rev 0)
+++ active/CVE-2009-potential-priviledge-escalation-in-kvm-vmx	2009-09-25 17:12:03 UTC (rev 1500)
@@ -0,0 +1,15 @@
+Candidate:
+Description:
+ Debug registers may only be accessed from cpl 0.  Unfortunately, vmx will
+ code to emulate the instruction even though it was issued from guest
+ userspace, possibly leading to an unexpected trap later.
+References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commitdiff;h=bd634611e589582bba636434af7fcbf782eceb42
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31.1)
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security: