Debian Security Advisory
DSA-1962-1 kvm -- several vulnerabilities
- Date Reported: 23 Dec 2009
- Affected Packages: kvm
- Vulnerable: Yes
- Security database references:
In the Debian bugtracking system: Bug 557739, Bug 562075, Bug 562076.
In Mitre's CVE dictionary: CVE-2009-3638, CVE-2009-3722, CVE-2009-4031.
- More information:
Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2009-3638
An integer overflow was discovered in the kvm_dev_ioctl_get_supported_cpuid function. This allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
- CVE-2009-3722
It was discovered that the handle_dr function in the KVM subsystem does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
- CVE-2009-4031
It was discovered that the do_insn_fetch function in the x86 emulator in the KVM subsystem tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
For the stable distribution (lenny), these problems have been fixed in version 72+dfsg-5~lenny4.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your kvm package.
- Fixed in:
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4.diff.gz
- http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kvm/kvm-source_72+dfsg-5~lenny4_all.deb
- AMD64:
- http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4_amd64.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4_i386.deb
MD5 checksums of the listed files are available in the original advisory.