kvm-84-7AXS3

エラータID: AXSA:2009-490:03

Release date: 
Wednesday, December 30, 2009 - 14:26
Subject: 
kvm-84-7AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

This package provides the kvm kernel modules built for the Linux kernel
CVE-2009-3638
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
CVE-2009-3722
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
CVE-2009-4031
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.

Solution: 

Update packages.

CVEs: 
CVE-2009-3638
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
CVE-2009-3722
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
CVE-2009-4031
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.




Additional Info: 

N/A

Download: 

SRPMS
  1. kvm-84-7AXS3.src.rpm
    MD5: a06d1552e38818845ef75e94fb0c9ebb
    SHA-256: 20ab7b24e5d4f6dd608fa98489beabebc7af77baf2e68881a62c5e25a12ba183
    Size: 4.25 MB

Asianux Server 3 for x86
  1. kmod-kvm-84-7AXS3.i686.rpm
    MD5: 0b2c43bbfb9bd7c406ac9b44716c2ac5
    SHA-256: 8a126be182413fc7c71a1065d344e03c5f95271732052c6c98c1af61092debf4
    Size: 0.96 MB
  2. kmod-kvm-PAE-84-7AXS3.i686.rpm
    MD5: 374c55560790009fa4449b2140f8c37b
    SHA-256: 97ccde27d17cd8bb35a83ce63c662c39171bf7f44a2923bf22d23aaa176430ee
    Size: 0.96 MB

Asianux Server 3 for x86_64
  1. kmod-kvm-84-7AXS3.x86_64.rpm
    MD5: 8f1a936e64a704c8e027c748cd9f0c17
    SHA-256: b2deea4a854a6495c486b6e11fbcd084a7d832d9aebf408aa2ac229a0fb50636
    Size: 0.98 MB