CVE-2009-3638

Published: 29 October 2009

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

From the Ubuntu security team

David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected.

Priority

Medium

Status

Package                       Release    Status
kvm                           Upstream   Needs triage
linux                         Upstream   Released (2.6.32~rc4)
linux-ec2                     Upstream   Released (2.6.32~rc4)
linux-fsl-imx51               Upstream   Released (2.6.32~rc4)
linux-lts-backport-maverick   Upstream   Released (2.6.32~rc4)
linux-mvl-dove                Upstream   Released (2.6.32~rc4)
linux-source-2.6.15           Upstream   Released (2.6.32~rc4)
linux-ti-omap4                Upstream   Released (2.6.32~rc4)
qemu-kvm                      Upstream   Not vulnerable

kvm: Binaries built from this source package are in Universe and so are supported by the community.

linux: Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a54435560efdab1a08f429a954df4d6c740bddf