kvm-84-7AXS3
エラータID: AXSA:2009-490:03
リリース日:
2009/12/30 Wednesday - 14:26
題名:
kvm-84-7AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- kvm_dev_ioctl_get_supported_cpuid 関数に整数オーバーフローがあり、ローカルユーザーが KVM_GET_SUPPORTED_CPUID リクエストを kvm_arch_dev_ioctl に送れてしまう問題がありました。(CVE-2009-3638)
- handle_dr 関数が適切にCPLを検証しないため、ゲストOSがホストOSに対してDoSトラップを仕掛けられました。(CVE-2009-3722)
- The do_insn_fetch 関数が異常な量の命令を実行しようとするため、ゲストOSユーザーがホストOSに対してDoS攻撃を仕掛けられました。(CVE-2009-4031)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-3638
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
CVE-2009-3722
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
CVE-2009-4031
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
追加情報:
N/A
ダウンロード:
SRPMS
- kvm-84-7AXS3.src.rpm
MD5: a06d1552e38818845ef75e94fb0c9ebb
SHA-256: 20ab7b24e5d4f6dd608fa98489beabebc7af77baf2e68881a62c5e25a12ba183
Size: 4.25 MB
Asianux Server 3 for x86
- kmod-kvm-84-7AXS3.i686.rpm
MD5: 0b2c43bbfb9bd7c406ac9b44716c2ac5
SHA-256: 8a126be182413fc7c71a1065d344e03c5f95271732052c6c98c1af61092debf4
Size: 0.96 MB - kmod-kvm-PAE-84-7AXS3.i686.rpm
MD5: 374c55560790009fa4449b2140f8c37b
SHA-256: 97ccde27d17cd8bb35a83ce63c662c39171bf7f44a2923bf22d23aaa176430ee
Size: 0.96 MB
Asianux Server 3 for x86_64
- kmod-kvm-84-7AXS3.x86_64.rpm
MD5: 8f1a936e64a704c8e027c748cd9f0c17
SHA-256: b2deea4a854a6495c486b6e11fbcd084a7d832d9aebf408aa2ac229a0fb50636
Size: 0.98 MB