Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 1 Jul 2009 08:02:30 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request: kernel: kvm: failure to validate
 cr3 after KVM_SET_SREGS


======================================================
Name: CVE-2009-2287
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2287
Reference: MLIST:[oss-security] 20090630 CVE Request: kernel: kvm: failure to validate cr3 after KVM_SET_SREGS
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/30/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=queue-2.6.30/kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch;h=b48a47dad2cf76358b327368f80c0805e6370c68;hb=e7c45b24f298b5d9efd7d401150f64a1b51aaac4
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=59839dfff5eabca01cc4e20b45797a60a80af8cb
Reference: CONFIRM:http://sourceforge.net/tracker/?func=detail&atid=893831&aid=2687641&group_id=180599

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel
2.6 before 2.6.30, when running on x86 systems, does not validate the
page table root in a KVM_SET_SREGS call, which allows local users to
cause a denial of service (crash or hang) via a crafted cr3 value,
which triggers a NULL pointer dereference in the gfn_to_rmap function.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.