TECHNICAL BULLETIN
TECHNICAL BULLETIN
| PROBLEM: | The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). |
| PLATFORM: | Linux kernel 2.6.25-rc1 through 2.6.30, when running on x86 systems. |
| ABSTRACT: | The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVMdoes not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash). |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-239.shtml |
| OTHER LINKS: |
Security Focus http://www.securityfocus.com/bid/36512/info Bugzilla https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=524124 |
| CVE: |
CVE-2009-3290 |
| IMPACT ASSESSMENT: | This risk is low. Attackers can exploit this issue to crash a guest kernel or potentially gain read or write access to guest kernel memory. |
[***** Start CVE-2009-3290 *****] Discussion: The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses." Vulnerable: Linux kernel 2.6.31 -rc7 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.31 -rc6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.31 -rc3 Linux kernel 2.6.31 -rc1 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.30 rc6 Linux kernel 2.6.30 1 Linux kernel 2.6.30 -rc5 Linux kernel 2.6.30 -rc3 Linux kernel 2.6.30 -rc2 Linux kernel 2.6.30 -rc1 Linux kernel 2.6.30 Linux kernel 2.6.29 4 Linux kernel 2.6.29 1 Linux kernel 2.6.29 -git8 Linux kernel 2.6.29 -git14 Linux kernel 2.6.29 -git1 Linux kernel 2.6.29 Linux kernel 2.6.28 9 Linux kernel 2.6.28 8 Linux kernel 2.6.28 6 Linux kernel 2.6.28 5 Linux kernel 2.6.28 3 Linux kernel 2.6.28 2 Linux kernel 2.6.28 1 Linux kernel 2.6.28 -rc7 Linux kernel 2.6.28 -rc5 Linux kernel 2.6.28 -rc1 Linux kernel 2.6.28 -git7 Linux kernel 2.6.28 Linux kernel 2.6.27 6 Linux kernel 2.6.27 3 Linux kernel 2.6.27 24 Linux kernel 2.6.27 14 Linux kernel 2.6.27 13 Linux kernel 2.6.27 12 Linux kernel 2.6.27 12 Linux kernel 2.6.27 .8 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 -rc8-git5 Linux kernel 2.6.27 -rc8 Linux kernel 2.6.27 -rc6-git6 Linux kernel 2.6.27 -rc6 Linux kernel 2.6.27 -rc5 Linux kernel 2.6.27 -rc2 Linux kernel 2.6.27 -rc1 Linux kernel 2.6.27 Linux kernel 2.6.26 7 Linux kernel 2.6.26 4 Linux kernel 2.6.26 3 Linux kernel 2.6.26 .6 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.26 Linux kernel 2.6.25 19 Linux kernel 2.6.25 .9 Linux kernel 2.6.25 .8 Linux kernel 2.6.25 .7 Linux kernel 2.6.25 .6 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 .15 Linux kernel 2.6.25 .13 Linux kernel 2.6.25 .12 Linux kernel 2.6.25 .11 Linux kernel 2.6.25 .10 Linux kernel 2.6.25 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 + S.u.S.E. Linux Enterprise Server 9 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.1 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.8.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.31-rc9 Linux kernel 2.6.31-rc8 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.31-rc7 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.31-rc5-git3 Linux kernel 2.6.30.5 Linux kernel 2.6.30.4 Linux kernel 2.6.30.3 Linux kernel 2.6.29-rc2-git1 Linux kernel 2.6.29-rc2 Linux kernel 2.6.29-rc1 Linux kernel 2.6.28.4 Linux kernel 2.6.26.1 Linux kernel 2.6.26-rc5-git1 Linux kernel 2.6.25.4 Linux kernel 2.6.25.3 Linux kernel 2.6.25.2 Linux kernel 2.6.25.1 Linux kernel 2.6.25-rc1 Solution: Vendor has released updates. [***** End CVE-2009-3290 *****]
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov