Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-3290

Опубликовано: 03 авг. 2009
Источник: redhat
CVSS2: 7.2

Описание

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."

Отчет

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-3290 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as KVM (Kernel-based Virtual Machine) is only supported in Red Hat Enterprise Linux 5. A future kernel update in Red Hat Enterprise Linux 5 will address this flaw.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-648
https://bugzilla.redhat.com/show_bug.cgi?id=524124kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0

7.2 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-3290

ubuntu
почти 16 лет назад

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."

nvd логотип

CVE-2009-3290

nvd
почти 16 лет назад

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."

debian логотип

CVE-2009-3290

debian
почти 16 лет назад

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...

github логотип

GHSA-854c-mqcx-rhcc

github
около 3 лет назад

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."

oracle-oval логотип

ELSA-2009-1465

oracle-oval
больше 15 лет назад

ELSA-2009-1465: kvm security and bug fix update (IMPORTANT)

7.2 High

CVSS2