Launchpad.net

CVE 2009-2287

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.

Related bugs and status

CVE-2009-2287 (Candidate) is related to these bugs:

Bug #403647: compiled without -fno-delete-null-pointer-checks

		In	Importance	Status
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Dapper)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Hardy)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Jaunty)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Karmic)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux (Ubuntu Intrepid)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Dapper)	Medium	Fix Released
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Hardy)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Intrepid)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Jaunty)	Undecided	Invalid
403647	compiled without -fno-delete-null-pointer-checks	linux-source-2.6.15 (Ubuntu Karmic)	Undecided	Invalid

Bug #406584: CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call

		In	Importance	Status
406584	CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call	kvm (Ubuntu)	Medium	Fix Released
406584	CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call	kvm (Ubuntu Hardy)	Medium	Fix Released
406584	CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call	kvm (Ubuntu Intrepid)	Medium	Won't Fix
406584	CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call	kvm (Ubuntu Jaunty)	Medium	Won't Fix
406584	CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call	kvm (Ubuntu Karmic)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009063...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://git.kernel.org/...
SECUNIA: 35675
DEBIAN: DSA-1845
UBUNTU: USN-807-1
SECUNIA: 36045
SECUNIA: 36054
MANDRIVA: MDVSA-2010:198
CONFIRM: http://sourceforge.net...