Debian Bug report logs - #562076
CVE-2009-3638: Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function

version graph

Package: kvm; Maintainer for kvm is Michael Tokarev <mjt@tls.msk.ru>; Source for kvm is src:qemu-kvm.

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Tue, 22 Dec 2009 13:24:01 UTC

Severity: grave

Tags: security

Fixed in version kvm/72+dfsg-5~lenny4

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#562076; Package kvm. (Tue, 22 Dec 2009 13:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jan Lübbe <jluebbe@debian.org>. (Tue, 22 Dec 2009 13:24:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-3638: Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function
Date: Tue, 22 Dec 2009 14:22:50 +0100
Package: kvm
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kvm.

CVE-2009-3638[0]:
| Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in
| arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before
| 2.6.31.4 allows local users to have an unspecified impact via a
| KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3638
    http://security-tracker.debian.org/tracker/CVE-2009-3638


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkswyCcACgkQNxpp46476aodswCbBhUlXpMcGEOyZyftiw6qE+t6
GP0An389JcLUJRqd0J0pmVt/sSI7OOlf
=BE85
-----END PGP SIGNATURE-----




Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Mon, 28 Dec 2009 02:03:16 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Mon, 28 Dec 2009 02:03:16 GMT) Full text and rfc822 format available.

Message #10 received at 562076-close@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <iuculano@debian.org>
To: 562076-close@bugs.debian.org
Subject: Bug#562076: fixed in kvm 72+dfsg-5~lenny4
Date: Mon, 28 Dec 2009 02:02:00 +0000
Source: kvm
Source-Version: 72+dfsg-5~lenny4

We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:

kvm-source_72+dfsg-5~lenny4_all.deb
  to main/k/kvm/kvm-source_72+dfsg-5~lenny4_all.deb
kvm_72+dfsg-5~lenny4.diff.gz
  to main/k/kvm/kvm_72+dfsg-5~lenny4.diff.gz
kvm_72+dfsg-5~lenny4.dsc
  to main/k/kvm/kvm_72+dfsg-5~lenny4.dsc
kvm_72+dfsg-5~lenny4_i386.deb
  to main/k/kvm/kvm_72+dfsg-5~lenny4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 562076@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 22 Dec 2009 20:57:32 +0100
Source: kvm
Binary: kvm kvm-source
Architecture: source all i386
Version: 72+dfsg-5~lenny4
Distribution: stable-security
Urgency: high
Maintainer: Jan Lübbe <jluebbe@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-source - Source for the KVM driver
Closes: 557739 562075 562076
Changes: 
 kvm (72+dfsg-5~lenny4) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3638: Integer overflow in the
     kvm_dev_ioctl_get_supported_cpuid function (Closes: #562076)
   * Fixed CVE-2009-3722: denial of service (trap) on the host OS via a crafted
     application. (Closes: #557739)
   * Fixed CVE-2009-4031: denial of service (increased scheduling latency) on
     the host OS via unspecified manipulations related to SMP support.
     (Closes: #562075)
Checksums-Sha1: 
 2ddbf4c1b4f3365c641d1e1d3d55693836e010d1 1349 kvm_72+dfsg-5~lenny4.dsc
 9d8961d1f6a1e37578cbcc19ea72db400946a0c0 42354 kvm_72+dfsg-5~lenny4.diff.gz
 cbc4f7f6dbcebb407319211db7733a371a99cb40 158524 kvm-source_72+dfsg-5~lenny4_all.deb
 30e5aa546939b82009db2ecb7c25691863cb81cf 1030580 kvm_72+dfsg-5~lenny4_i386.deb
Checksums-Sha256: 
 5eaf406ba9acc7abbdcca1f9b44cebbf5aba248885a2e5d294ddc1bf37b0d6d4 1349 kvm_72+dfsg-5~lenny4.dsc
 db01fe69530696e099f81df1473e780d801b788a7726f123b9ea2afb413b22da 42354 kvm_72+dfsg-5~lenny4.diff.gz
 c1d63147ccd5b6733bed998ec796dddaae45c7efc484af1d265f9c8cd2c0f875 158524 kvm-source_72+dfsg-5~lenny4_all.deb
 2be750e3d3d0cfd2af11f0b65b966c96379f27193d87608e4d3147dcf448c057 1030580 kvm_72+dfsg-5~lenny4_i386.deb
Files: 
 95ea1b5511954549694e198b838e308c 1349 misc optional kvm_72+dfsg-5~lenny4.dsc
 12a3490ebcba2c1e9aa2a86140eaa2e3 42354 misc optional kvm_72+dfsg-5~lenny4.diff.gz
 70f46f694afd3169ce16a4c84ee32eb6 158524 misc optional kvm-source_72+dfsg-5~lenny4_all.deb
 ffdfcfce508514828bf455183e45f581 1030580 misc optional kvm_72+dfsg-5~lenny4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksx9ZsACgkQNxpp46476arv7ACdHtOELjAFjKidmw07hxndjwDC
J4MAoInBxw0zIJh9cDyIHepGlkLRCk28
=/BIJ
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Jan 2010 07:40:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 13:33:52 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.