CVE-2009-3290
First published: Fri Sep 18 2009(Updated: )
Description of problem: Unprivileged guest callers running in ring 3 can issue, e.g., MMU hypercalls. Normally, such callers cannot provide any hand-crafted MMU command structure as it has to be passed by its physical address, but they can still crash the guest kernel by passing random addresses or access the guest kernel memory, etc. This patch considers hypercalls valid only if issued from guest ring 0. Upstream commit: <a href="http://git.kernel.org/linus/07708c4af1346ab1521b26a202f438366b7bcffd">http://git.kernel.org/linus/07708c4af1346ab1521b26a202f438366b7bcffd</a> CVE request: <a href="http://article.gmane.org/gmane.comp.security.oss.general/2130">http://article.gmane.org/gmane.comp.security.oss.general/2130</a> <a href="http://permalink.gmane.org/gmane.comp.security.oss.general/2138">http://permalink.gmane.org/gmane.comp.security.oss.general/2138</a> Ref: <a href="http://patchwork.kernel.org/patch/38926/">http://patchwork.kernel.org/patch/38926/</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=2.6.30 | |
| Linux Linux kernel | =2.6.25-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://patchwork.kernel.org/patch/38926/
- http://www.openwall.com/lists/oss-security/2009/09/18/1
- http://www.openwall.com/lists/oss-security/2009/09/21/1
- https://bugzilla.redhat.com/show_bug.cgi?id=524124
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
- http://www.openwall.com/lists/oss-security/2009/09/22/8
- http://www.redhat.com/support/errata/RHSA-2009-1465.html
- http://secunia.com/advisories/37105
- http://www.ubuntu.com/usn/USN-852-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11328
- http://git.kernel.org/linus/07708c4af1346ab1521b26a202f438366b7bcffd
- http://article.gmane.org/gmane.comp.security.oss.general/2130
- http://permalink.gmane.org/gmane.comp.security.oss.general/2138
- https://rhn.redhat.com/errata/RHSA-2009-1465.html
- http://admin.fedoraproject.org/updates/kernel-2.6.27.35-170.2.94.fc10
- http://admin.fedoraproject.org/updates/kernel-2.6.30.9-90.fc11
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=07708c4af1346ab1521b26a202f438366b7bcffd
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3290
- agent/tags
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.30
- version/linux linux kernel/2.6.25-rc1