path: root/retired/CVE-2009-3290
author Moritz Muehlenhoff <jmm@debian.org> 2009-11-16 23:49:55 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2009-11-16 23:49:55 +0000
commit 529203518f65622e922aba00b0d3a5b50ca02581
tree a85ba81ff4befa2e9d4632d189636cf613d83751 /retired/CVE-2009-3290
parent cfc1d38003ffd34001e2e02f279286d0686b9320
retire issue
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1610 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-3290')
-rw-r--r-- retired/CVE-2009-3290 27
1 files changed, 27 insertions, 0 deletions
diff --git a/retired/CVE-2009-3290 b/retired/CVE-2009-3290
new file mode 100644
index 00000000..6ba2f76f
--- /dev/null
+++ b/retired/CVE-2009-3290
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-3290
+Description:
+ "So far unprivileged guest callers running in ring 3 can issue, e.g.,
+ MMU hypercalls. Normally, such callers cannot provide any hand-crafted
+ MMU command structure as it has to be passed by its physical address,
+ but they can still crash the guest kernel by passing random addresses.
+ .
+ To close the hole, this patch considers hypercalls valid only if issued
+ from guest ring 0. This may still be relaxed on a per-hypercall base in
+ the future once required."
+ .
+ This was introduced in v2.6.25-rc1, and fixed in 2.6.31
+ jmm> The oss-security posting is wrong, this was fixed in 2.6.31-1
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/18/1
+ http://patchwork.kernel.org/patch/38926/
+ https://bugzilla.redhat.com/show_bug.cgi?id=524124
+Ubuntu-Description:
+Notes:
+ brad spengler has already developed working exploit code for this, so this is
+ high-urgency
+Bugs:
+upstream: released (2.6.32-rc1) [07708c4af1346ab1521b26a202f438366b7bcffd]
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "introduced in 2.6.25"
+2.6.24-etch-security: N/A "introduced in 2.6.25"
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/x86/kvm-disallow-hypercalls-for-guest-callers-in-rings-gt-0.patch]
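Review bot: The "fixed in 2.6.31" statement in the Description block disagrees with the status line "upstream: released (2.6.32-rc1)", and the jmm> remark gives "2.6.31-1", which matches the linux-2.6 package version in the status lines rather than an upstream release. Suggest rewording the "This was introduced in ..." line so it names the upstream release from the status line and states separately that the linux-2.6 package 2.6.31-1 carries the fix; as written, a reader can take upstream 2.6.31 as fixed. Two smaller points: the Ubuntu-Description: and Bugs: fields are added empty, and the Notes entry justifying high urgency by existing exploit code has no reference next to it, so pointing to which of the three listed References supports it would make the urgency rating checkable.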
