Package: kvm
Version: 85+dfsg-4.1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for kvm.

CVE-2009-2287[0]:
| The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel
| 2.6 before 2.6.30, when running on x86 systems, does not validate the
| page table root in a KVM_SET_SREGS call, which allows local users to
| cause a denial of service (crash or hang) via a crafted cr3 value,
| which triggers a NULL pointer dereference in the gfn_to_rmap function.

CVE-2009-3640[1]:
| The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM
| subsystem in the Linux kernel before 2.6.32-rc1 does not properly
| handle the absence of an Advanced Programmable Interrupt Controller
| (APIC), which allows local users to cause a denial of service (NULL
| pointer dereference and system crash) or possibly gain privileges via
| a call to the kvm_vcpu_ioctl function.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2287
    http://security-tracker.debian.org/tracker/CVE-2009-2287
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3640
    http://security-tracker.debian.org/tracker/CVE-2009-3640


