oss-sec mailing list archives

Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference when running without an apic

From: Josh Bressers <bressers () redhat com>
Date: Sat, 24 Oct 2009 13:09:04 -0400 (EDT)

Please use CVE-2009-3640.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo () kernel sg> wrote:

Quote from the upstream commit:
"update_cr8_intercept() can be triggered from userspace while there
is no apic present."

http://git.kernel.org/linus/88c808fd42b53a7e01a2ac3253ef31fef74cb5af

This one can be triggered via kvm_vcpu_ioctl() if /dev/kvm is user 
accessible (which is recommended...). Fixed in v2.6.32-rc1.

Eugene

Current thread:

CVE request: kvm: update_cr8_intercept() NULL pointer dereference when running without an apic Eugene Teo (Oct 22)
- Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference when running without an apic Josh Bressers (Oct 24)