Package: kvm-source
Version: 85+dfsg-4
Severity: critical
Tags: patch security
Justification: potential privilege escalation

Upstream patch:
  
http://git.kernel.org/?p=virt/kvm/kvm.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd

Please mention CVE-2009-3290 in your changelog.

diff -urpN kvm-85+dfsg.orig/debian/patches/CVE-2009-3290.patch 
kvm-85+dfsg/debian/patches/CVE-2009-3290.patch
--- kvm-85+dfsg.orig/debian/patches/CVE-2009-3290.patch 1969-12-31 
17:00:00.000000000 -0700
+++ kvm-85+dfsg/debian/patches/CVE-2009-3290.patch      2009-09-29 
17:05:38.000000000 -0600
@@ -0,0 +1,34 @@
+diff -urpN kvm-85+dfsg.orig/kernel/include/linux/kvm_para.h 
kvm-85+dfsg/kernel/include/linux/kvm_para.h
+--- kvm-85+dfsg.orig/kernel/include/linux/kvm_para.h   2009-04-21 
04:04:03.000000000 -0600
++++ kvm-85+dfsg/kernel/include/linux/kvm_para.h        2009-09-29 
17:04:54.000000000 -0600
+@@ -53,6 +53,7 @@
+ #define KVM_ENOSYS            1000
+ #define KVM_EFAULT            EFAULT
+ #define KVM_E2BIG             E2BIG
++#define KVM_EPERM             EPERM
+ 
+ #define KVM_HC_VAPIC_POLL_IRQ         1
+ #define KVM_HC_MMU_OP                 2
+diff -urpN kvm-85+dfsg.orig/kernel/x86/x86.c kvm-85+dfsg/kernel/x86/x86.c
+--- kvm-85+dfsg.orig/kernel/x86/x86.c  2009-04-21 04:04:13.000000000 -0600
++++ kvm-85+dfsg/kernel/x86/x86.c       2009-09-29 17:05:01.000000000 -0600
+@@ -2873,6 +2873,11 @@ int kvm_emulate_hypercall(struct kvm_vcp
+               a3 &= 0xFFFFFFFF;
+       }
+ 
++      if (kvm_x86_ops->get_cpl(vcpu) != 0) {
++              ret = -KVM_EPERM;
++              goto out;
++      }
++
+       switch (nr) {
+       case KVM_HC_VAPIC_POLL_IRQ:
+               ret = 0;
+@@ -2884,6 +2889,7 @@ int kvm_emulate_hypercall(struct kvm_vcp
+               ret = -KVM_ENOSYS;
+               break;
+       }
++out:
+       kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
+       ++vcpu->stat.hypercalls;
+       return r;
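Review bot: The new guard in `kvm_emulate_hypercall` calls `kvm_x86_ops->get_cpl(vcpu)`, but nothing in this patch adds or touches that callback. Before applying it to the kvm-85 tree, confirm that `struct kvm_x86_ops` there declares `get_cpl` and that both the VMX and SVM backends set it; a missing member breaks the build, and an unset one would be a NULL call on every hypercall. The guard also deserves a comment stating the security intent, for example `/* Hypercalls are only valid from guest ring 0; callers at CPL > 0 get -KVM_EPERM. */`, so that a later refactor does not move the `switch (nr)` dispatch above it. The function starts and ends outside these hunks, so the value of `r` returned on the `out:` path is presumably set earlier and should be checked against the full source.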
diff -urpN kvm-85+dfsg.orig/debian/patches/series 
kvm-85+dfsg/debian/patches/series
--- kvm-85+dfsg.orig/debian/patches/series      2009-09-29 17:04:12.000000000 
-0600
+++ kvm-85+dfsg/debian/patches/series   2009-09-29 17:05:53.000000000 -0600
@@ -8,3 +8,4 @@ from-debian-qemu/62_linux_boot_nasm.patc
 security/leftover.patch
 qemu-ifup_head.patch
 readd_drive_boot_parameter_help.patch
+CVE-2009-3290.patch


