Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability
vulnerability CVE-2009-2287
Linux kernel: denial of service via KVM and CR3

Synthesis of the vulnerability
An attacker inside a KVM guest system can use the CR3 register in order to generate a denial of service.
Severity: 1/4.
Consequences: denial of service of computer.
Provenance: user shell.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 30/06/2009.

Impacted products

Description of the vulnerability
The code of the KVM (Kernel Virtual Machine) uses the kvm_sregs structure to store Intel registers which are to be modified with KVM_SET_SREGS.

The CR3 register (kvm_sregs.cr3) contains the base address of the Page Directory Table, used for memory paging.

When the address indicated by CR3 is invalid, a NULL pointer is used by the gfn_to_rmap() function. This error leads to a denial of service.

An attacker inside a KVM guest system can therefore use the CR3 register in order to generate a denial of service.

Characteristics
Title: Linux kernel: denial of service via KVM and CR3
Identifiers: BID-35529, CVE-2009-2287, DSA 1845-1, DSA-1846-1, VIGILANCE-VUL-8830.
Url: https://vigilance.fr/tree/1/8830

Information sources
Publications and announces
Source example: EXPLOITABLE failure to validate cr3 after KVM_SET_SREGS

Solutions for this vulnerability
Patch or workaround



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française