Candidate: CVE-2009-3290
Description:
"So far unprivileged guest callers running in ring 3 can issue, e.g.,
MMU hypercalls. Normally, such callers cannot provide any hand-crafted
MMU command structure as it has to be passed by its physical address,
but they can still crash the guest kernel by passing random addresses.
.
To close the hole, this patch considers hypercalls valid only if issued
from guest ring 0. This may still be relaxed on a per-hypercall base in
the future once required."
.
This was introduced in v2.6.25-rc1, and fixed in 2.6.31
jmm> The oss-security posting is wrong, this was fixed in 2.6.31-1
References:
http://www.openwall.com/lists/oss-security/2009/09/18/1
http://patchwork.kernel.org/patch/38926/
https://bugzilla.redhat.com/show_bug.cgi?id=524124
Ubuntu-Description:
Notes:
Brad Spengler has already developed working exploit code for this, so this is
high-urgency
Bugs:
upstream: released (2.6.32-rc1) [07708c4af1346ab1521b26a202f438366b7bcffd]
linux-2.6: released (2.6.31-1)
2.6.18-etch-security: N/A "introduced in 2.6.25"
2.6.24-etch-security: N/A "introduced in 2.6.25"
2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/x86/kvm-disallow-hypercalls-for-guest-callers-in-rings-gt-0.patch]
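The description above is the upstream commit message; the following is an added, stand-alone model of the point it makes, not code from the kernel or from this tracker entry. It puts a dispatcher that accepts hypercalls from any guest privilege level next to one that carries the ring-0 gate the fix introduces. The guest, its 16 KiB of physical memory, the `mmu_op_header` layout, the handler's bookkeeping and the helper names are all constructed for the illustration; the constant names are borrowed from KVM's `kvm_para.h` only so the model reads like the driver.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names follow KVM's kvm_para.h so the model reads like the driver, but
 * everything in this file is a stand-alone illustration, not kernel code. */
#define KVM_HC_MMU_OP  2
#define KVM_ENOSYS     1000
#define KVM_EFAULT     EFAULT
#define KVM_EPERM      EPERM

/* Constructed guest: a flat 16 KiB physical address space plus the CPL of
 * the instruction that executed VMCALL. */
#define GUEST_RAM_SIZE (16 * 1024)

struct vcpu {
    int     cpl;                  /* 0 = guest kernel, 3 = guest user space */
    int     mmu_ops_applied;      /* MMU commands the handler acted on */
    uint8_t ram[GUEST_RAM_SIZE];  /* guest physical memory */
};

/* Hypothetical MMU command header, passed by guest physical address. */
struct mmu_op_header {
    uint32_t op;
    uint32_t len;                 /* total length of the command in bytes */
};

/* Guest physical range -> host pointer, or NULL if not entirely in RAM. */
static const uint8_t *gpa_to_hva(const struct vcpu *v, uint64_t gpa, size_t len)
{
    if (gpa >= GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - gpa)
        return NULL;
    return v->ram + gpa;
}

/* Model of the MMU hypercall handler: fetches the command from guest memory
 * and acts on it, trusting that only the guest kernel reaches it. */
static long handle_mmu_op(struct vcpu *v, uint64_t gpa)
{
    struct mmu_op_header h;
    const uint8_t *p = gpa_to_hva(v, gpa, sizeof h);

    if (!p)
        return -KVM_EFAULT;       /* address outside guest RAM */
    memcpy(&h, p, sizeof h);
    if (h.len < sizeof h || !gpa_to_hva(v, gpa, h.len))
        return -KVM_EFAULT;       /* garbage or truncated command */
    /* The real handler rewrites guest page tables here; the model only
     * records that a command was accepted from this caller. */
    v->mmu_ops_applied++;
    return 0;
}

/* Pre-fix dispatcher: whatever CPL executed VMCALL, the hypercall runs. */
long hypercall_vulnerable(struct vcpu *v, unsigned long nr, uint64_t a0)
{
    switch (nr) {
    case KVM_HC_MMU_OP:
        return handle_mmu_op(v, a0);
    default:
        return -KVM_ENOSYS;
    }
}

/* Post-fix dispatcher: the ring-0 gate in front of every hypercall,
 * refusing callers in rings > 0 with -KVM_EPERM before memory is touched. */
long hypercall_fixed(struct vcpu *v, unsigned long nr, uint64_t a0)
{
    if (v->cpl != 0)
        return -KVM_EPERM;
    return hypercall_vulnerable(v, nr, a0);
}

/* Issue one MMU hypercall from the given CPL against a fresh constructed
 * guest whose kernel left a well-formed command at gpa 0x1000. Returns the
 * hypercall result; *applied receives the handler's command count. */
long run_mmu_hypercall(long (*dispatch)(struct vcpu *, unsigned long, uint64_t),
                       int cpl, uint64_t gpa, int *applied)
{
    struct vcpu v;
    struct mmu_op_header cmd = { .op = 1, .len = 16 };
    long ret;

    memset(&v, 0, sizeof v);
    memcpy(v.ram + 0x1000, &cmd, sizeof cmd);
    v.cpl = cpl;
    ret = dispatch(&v, KVM_HC_MMU_OP, gpa);
    if (applied)
        *applied = v.mmu_ops_applied;
    return ret;
}

int main(void)
{
    int applied;
    long ret;

    /* Ring 3 guesses the address of a real command: the old code acts on it,
     * the fixed code refuses with -EPERM, and ring 0 is still served. */
    ret = run_mmu_hypercall(hypercall_vulnerable, 3, 0x1000, &applied);
    printf("vulnerable cpl=3: ret=%ld applied=%d\n", ret, applied);
    ret = run_mmu_hypercall(hypercall_fixed, 3, 0x1000, &applied);
    printf("fixed      cpl=3: ret=%ld applied=%d\n", ret, applied);
    ret = run_mmu_hypercall(hypercall_fixed, 0, 0x1000, &applied);
    printf("fixed      cpl=0: ret=%ld applied=%d\n", ret, applied);
    return 0;
}
```

The gate sits in the dispatcher rather than in individual handlers, which is what the commit message means by closing the hole for all hypercalls now and relaxing it "on a per-hypercall base" later: a handler that should be reachable from user space would have to be exempted explicitly.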