Vulnerability Name: CVE-2009-3290 (CCN-53370)
Assigned: 2009-08-03
Published: 2009-08-03
Updated: 2017-09-19
Summary: The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    5.5 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:TF/RC:C)
    3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:TF/RC:C)
    5.5 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:TF/RC:C)
Vulnerability Type: CWE-399 CWE-648
Vulnerability Consequences: Denial of Service
References:
    Source: MITRE Type: CNA CVE-2009-3290
    Source: CCN Type: Linux Kernel GIT Repository KVM: x86: Disallow hypercalls for guest callers in rings >0 Patchwork cfg80211: fix looping soft lockup in find_ie()
    Source: CONFIRM Type: UNKNOWN http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
    Source: CONFIRM Type: Patch http://patchwork.kernel.org/patch/38926/
    Source: CCN Type: RHSA-2009-1465 Important: kvm security and bug fix update
    Source: CCN Type: SA36763 Linux Kernel Denial of Service and Privilege Escalation
    Source: SECUNIA Type: Vendor Advisory 37105
    Source: DEBIAN Type: DSA-1907 kvm -- several vulnerabilities
    Source: DEBIAN Type: DSA-1915 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
    Source: MLIST Type: UNKNOWN [oss-security] 20090918 CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
    Source: MLIST Type: UNKNOWN [oss-security] 20090921 Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
    Source: MLIST Type: UNKNOWN [oss-security] 20090922 Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
    Source: CCN Type: OSVDB ID: 58214 Linux Kernel arch/x86/kvm/x86.c kvm_emulate_hypercall() Function Arbitrary Guest Kernel DoS
    Source: REDHAT Type: Vendor Advisory RHSA-2009:1465
    Source: CCN Type: BID-36512 Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
    Source: CCN Type: USN-852-1 Linux kernel vulnerabilities
    Source: UBUNTU Type: UNKNOWN USN-852-1
    Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=524124
    Source: XF Type: UNKNOWN kernel-kvmemulatehypercall-dos(53370)
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11328
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration CCN 1: Denotes that component is vulnerable