On Fri, Feb 04, 2011 at 01:35:11PM +0300, Michael Tokarev wrote:
> Please excuse me for the late reply - I missed your email initially somehow.
> 
> 28.01.2011 00:59, Moritz Mühlenhoff wrote:
> []
> > Thanks for the verbose explanation. I've updated the Debian 
> > Security Tracker.
> > 
> > While we're at it; could you please also look into 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435 ?
> 
> That's a problem in the (host) kernel.
> 
> > Is this something that still needs to be fixed for Squeeze?
> 
> It is fixed in 2.6.32.27, by the following patch:
> 
> ------------------
> From 85dedd445698c5bbd096289cfcc6034f74941815 Mon Sep 17 00:00:00 2001
> From: Gleb Natapov <g...@redhat.com>
> Date: Wed, 10 Nov 2010 12:08:12 +0200
> Subject: KVM: VMX: fix vmx null pointer dereference on debug register access
> 
> There is a bug in KVM that can be used to crash a host on Intel
> machines. If emulator is tricked into emulating mov to/from DR instruction
> it causes NULL pointer dereference on VMX since kvm_x86_ops->(set|get)_dr
> are not initialized. Recently this is not exploitable from guest
> userspace, but malicious guest kernel can trigger it easily.
> 
> CVE-2010-0435
> 
> On upstream bug was fixed differently around 2.6.34.
> ------------------
> 
> As far as I can see, the 2.6.32.27 patch is included in current Debian
> kernels.  So no action appears to be necessary.

Thanks for the feedback, I've updated the Security Tracker.

Cheers,
        Moritz


