Debian Bug report logs - #557739
kvm: CVE-2009-3722 dos

Package: kvm; Maintainer for kvm is Michael Tokarev <mjt@tls.msk.ru>; Source for kvm is src:qemu-kvm.

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Tue, 24 Nov 2009 02:12:03 UTC

Severity: important

Tags: security

Found in version kvm/85+dfsg-4.1

Fixed in versions kvm/88+dfsg-2, kvm/72+dfsg-5~lenny4

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#557739; Package kvm. (Tue, 24 Nov 2009 02:12:06 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Jan Lübbe <jluebbe@debian.org>. (Tue, 24 Nov 2009 02:12:06 GMT)

Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: kvm: CVE-2009-3722 dos
Date: Mon, 23 Nov 2009 21:09:59 -0500
Package: kvm
Version: 85+dfsg-4.1
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kvm.

CVE-2009-3722[0]:
| The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in
| the Linux kernel before 2.6.31.1 does not properly verify the Current
| Privilege Level (CPL) before accessing a debug register, which allows
| guest OS users to cause a denial of service (trap) on the host OS via
| a crafted application.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3722
    http://security-tracker.debian.org/tracker/CVE-2009-3722




Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Wed, 25 Nov 2009 10:33:16 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 25 Nov 2009 10:33:16 GMT)

Message #10 received at 557739-close@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: 557739-close@bugs.debian.org
Subject: Bug#557739: fixed in kvm 88+dfsg-2
Date: Wed, 25 Nov 2009 10:27:26 +0000
Source: kvm
Source-Version: 88+dfsg-2

We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:

kvm-dbg_88+dfsg-2_i386.deb
  to main/k/kvm/kvm-dbg_88+dfsg-2_i386.deb
kvm-source_88+dfsg-2_all.deb
  to main/k/kvm/kvm-source_88+dfsg-2_all.deb
kvm_88+dfsg-2.diff.gz
  to main/k/kvm/kvm_88+dfsg-2.diff.gz
kvm_88+dfsg-2.dsc
  to main/k/kvm/kvm_88+dfsg-2.dsc
kvm_88+dfsg-2_i386.deb
  to main/k/kvm/kvm_88+dfsg-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 557739@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 24 Nov 2009 21:17:58 +0100
Source: kvm
Binary: kvm kvm-source kvm-dbg
Architecture: source all i386
Version: 88+dfsg-2
Distribution: experimental
Urgency: low
Maintainer: Jan Lübbe <jluebbe@debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-dbg    - Debugging info for kvm
 kvm-source - Source for the KVM driver
Closes: 553986 557736 557737 557739
Changes: 
 kvm (88+dfsg-2) experimental; urgency=low
 .
   * [b2e3840] Make patches gbp-pq/git-am friendly. Drop unused patches.
   * [4c9a8a5] Merge patches changing paths and also fix patch in vl.c.
     (Closes: #553986)
   * [b5b96e3] Fix CVE-2009-4004 (Closes: #557736)
   * [1a64955] Fix CVE-2009-2287 (Closes: #557737)
   * [a315182] Fix CVE-2009-3640 (Closes: #557737)
   * [62a4d2f] Fix CVE-2009-3722 (Closes: #557739)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLDF2fn88szT8+ZCYRAq/zAJ9mkB8R4ejt0o1MwF9G/Bstxp5EnwCfchyd
PtgFWtFSTdqHmVOUkEmyQPI=
=vbx0
-----END PGP SIGNATURE-----





Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Mon, 28 Dec 2009 02:03:06 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 28 Dec 2009 02:03:06 GMT)

Message #15 received at 557739-close@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: 557739-close@bugs.debian.org
Subject: Bug#557739: fixed in kvm 72+dfsg-5~lenny4
Date: Mon, 28 Dec 2009 02:02:00 +0000
Source: kvm
Source-Version: 72+dfsg-5~lenny4

We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:

kvm-source_72+dfsg-5~lenny4_all.deb
  to main/k/kvm/kvm-source_72+dfsg-5~lenny4_all.deb
kvm_72+dfsg-5~lenny4.diff.gz
  to main/k/kvm/kvm_72+dfsg-5~lenny4.diff.gz
kvm_72+dfsg-5~lenny4.dsc
  to main/k/kvm/kvm_72+dfsg-5~lenny4.dsc
kvm_72+dfsg-5~lenny4_i386.deb
  to main/k/kvm/kvm_72+dfsg-5~lenny4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 557739@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 22 Dec 2009 20:57:32 +0100
Source: kvm
Binary: kvm kvm-source
Architecture: source all i386
Version: 72+dfsg-5~lenny4
Distribution: stable-security
Urgency: high
Maintainer: Jan Lübbe <jluebbe@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-source - Source for the KVM driver
Closes: 557739 562075 562076
Changes: 
 kvm (72+dfsg-5~lenny4) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3638: Integer overflow in the
     kvm_dev_ioctl_get_supported_cpuid function (Closes: #562076)
   * Fixed CVE-2009-3722: denial of service (trap) on the host OS via a crafted
     application. (Closes: #557739)
   * Fixed CVE-2009-4031: denial of service (increased scheduling latency) on
     the host OS via unspecified manipulations related to SMP support.
     (Closes: #562075)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksx9ZsACgkQNxpp46476arv7ACdHtOELjAFjKidmw07hxndjwDC
J4MAoInBxw0zIJh9cDyIHepGlkLRCk28
=/BIJ
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jan 2010 07:37:19 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 18:23:44 2014; Machine Name: buxtehude.debian.org
