CVE 2009-2287: does not validate the page table root in a KVM_SET_SREGS call
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kvm (Ubuntu) | Fix Released | Medium | Unassigned |
Hardy | Fix Released | Medium | Unassigned |
Intrepid | Won't Fix | Medium | Unassigned |
Jaunty | Won't Fix | Medium | Unassigned |
Karmic | Fix Released | Medium | Unassigned |
Bug Description
The kvm_arch_
http://
This bug was fixed in the upstream Linux kernel in 2.6.30, and this has been applied to all of the Ubuntu linux kernels.
The kvm package also provides kvm-source, which contains the source for the kvm kernel module. This is built using DKMS in intrepid, jaunty, and karmic. In hardy, the package simply provides a tarball. There is no automatic building mechanism.
:-Dustin
Changed in kvm (Ubuntu Hardy):
status: New → In Progress
Changed in kvm (Ubuntu Intrepid):
status: New → In Progress
Changed in kvm (Ubuntu Jaunty):
status: New → In Progress
Changed in kvm (Ubuntu Karmic):
status: New → In Progress
Changed in kvm (Ubuntu Hardy):
importance: Undecided → Medium
Changed in kvm (Ubuntu Jaunty):
importance: Undecided → Medium
Changed in kvm (Ubuntu Intrepid):
importance: Undecided → Medium
Changed in kvm (Ubuntu Karmic):
importance: Undecided → Medium
This bug was fixed in the package kvm - 1:84+dfsg-0ubuntu16
---------------
kvm (1:84+dfsg-0ubuntu16) karmic; urgency=low
  * SECURITY UPDATE: Users could cause a NULL pointer exception
    by passing a bogus value of cr3 (LP: #406584).
    - debian/patches/CVE-2009-2287.patch:
    - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=59839dfff5eabca01cc4e20b45797a60a80af8cb
    - CVE-2009-2287
 -- Dustin Kirkland <email address hidden>  Wed, 29 Jul 2009 15:00:32 -0500