diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2009-11-16 23:49:55 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-11-16 23:49:55 +0000 |
commit | 529203518f65622e922aba00b0d3a5b50ca02581 (patch) | |
tree | a85ba81ff4befa2e9d4632d189636cf613d83751 /retired/CVE-2009-3290 | |
parent | cfc1d38003ffd34001e2e02f279286d0686b9320 (diff) |
retire issue
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1610 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-3290')
-rw-r--r-- | retired/CVE-2009-3290 | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/retired/CVE-2009-3290 b/retired/CVE-2009-3290 new file mode 100644 index 00000000..6ba2f76f --- /dev/null +++ b/retired/CVE-2009-3290 @@ -0,0 +1,27 @@ +Candidate: CVE-2009-3290 +Description: + "So far unprivileged guest callers running in ring 3 can issue, e.g., + MMU hypercalls. Normally, such callers cannot provide any hand-crafted + MMU command structure as it has to be passed by its physical address, + but they can still crash the guest kernel by passing random addresses. + . + To close the hole, this patch considers hypercalls valid only if issued + from guest ring 0. This may still be relaxed on a per-hypercall base in + the future once required." + . + This was introduced in v2.6.25-rc1, and fixed in 2.6.31 + jmm> The oss-security posting is wrong, this was fixed in 2.6.31-1 +References: + http://www.openwall.com/lists/oss-security/2009/09/18/1 + http://patchwork.kernel.org/patch/38926/ + https://bugzilla.redhat.com/show_bug.cgi?id=524124 +Ubuntu-Description: +Notes: + brad spengler has already developed working exploit code for this, so this is + high-urgency +Bugs: +upstream: released (2.6.32-rc1) [07708c4af1346ab1521b26a202f438366b7bcffd] +linux-2.6: released (2.6.31-1) +2.6.18-etch-security: N/A "introduced in 2.6.25" +2.6.24-etch-security: N/A "introduced in 2.6.25" +2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/x86/kvm-disallow-hypercalls-for-guest-callers-in-rings-gt-0.patch] |