CVE-2009-2287

EUVD-2009-2283
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.9 UNKNOWN | LOCAL | LOW | | AV:L/AC:L/Au:N/C:N/I:N/A:C |
EPSS Score percentile: 18%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.0 ≤ 𝑥 < 2.6.30 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 8.10 |
| canonical | ubuntu_linux | 9.04 |
| debian | debian_linux | 4.0 |
| debian | debian_linux | 5.0 |

𝑥 = Vulnerable software versions
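Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| kvm | dapper | dne |
| kvm | hardy | ignored |
| kvm | intrepid | ignored |
| kvm | jaunty | ignored |
| kvm | karmic | dne |
| kvm | lucid | dne |
| kvm | maverick | dne |
| kvm | natty | dne |
| linux | dapper | dne |
| linux | hardy | Fixed 2.6.24-24.57 (released) |
| linux | intrepid | Fixed 2.6.27-14.37 (released) |
| linux | jaunty | Fixed 2.6.28-14.47 (released) |
| linux | karmic | not-affected |
| linux | lucid | not-affected |
| linux | maverick | not-affected |
| linux | natty | not-affected |
| linux-ec2 | dapper | dne |
| linux-ec2 | hardy | dne |
| linux-ec2 | intrepid | dne |
| linux-ec2 | jaunty | dne |
| linux-ec2 | karmic | not-affected |
| linux-ec2 | lucid | not-affected |
| linux-ec2 | maverick | ignored |
| linux-ec2 | natty | dne |
| linux-fsl-imx51 | dapper | dne |
| linux-fsl-imx51 | hardy | dne |
| linux-fsl-imx51 | karmic | not-affected |
| linux-fsl-imx51 | lucid | not-affected |
| linux-fsl-imx51 | maverick | dne |
| linux-fsl-imx51 | natty | dne |
| linux-lts-backport-maverick | dapper | dne |
| linux-lts-backport-maverick | hardy | dne |
| linux-lts-backport-maverick | intrepid | dne |
| linux-lts-backport-maverick | jaunty | dne |
| linux-lts-backport-maverick | karmic | dne |
| linux-lts-backport-maverick | lucid | not-affected |
| linux-lts-backport-maverick | maverick | dne |
| linux-lts-backport-maverick | natty | dne |
| linux-mvl-dove | dapper | dne |
| linux-mvl-dove | hardy | dne |
| linux-mvl-dove | karmic | ignored |
| linux-mvl-dove | lucid | not-affected |
| linux-mvl-dove | maverick | not-affected |
| linux-mvl-dove | natty | dne |
| linux-source-2.6.15 | dapper | Fixed 2.6.15-54.78 (released) |
| linux-source-2.6.15 | hardy | dne |
| linux-source-2.6.15 | intrepid | dne |
| linux-source-2.6.15 | jaunty | dne |
| linux-source-2.6.15 | karmic | dne |
| linux-source-2.6.15 | lucid | dne |
| linux-source-2.6.15 | maverick | dne |
| linux-source-2.6.15 | natty | dne |
| linux-ti-omap4 | dapper | dne |
| linux-ti-omap4 | hardy | dne |
| linux-ti-omap4 | karmic | dne |
| linux-ti-omap4 | lucid | dne |
| linux-ti-omap4 | maverick | not-affected |
| linux-ti-omap4 | natty | not-affected |
| qemu-kvm | dapper | dne |
| qemu-kvm | hardy | dne |
| qemu-kvm | intrepid | dne |
| qemu-kvm | jaunty | dne |
| qemu-kvm | karmic | not-affected |
| qemu-kvm | lucid | not-affected |
| qemu-kvm | maverick | not-affected |
| qemu-kvm | natty | not-affected |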
References