CVE-2009-3640 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2009-3640

Modified

More Info Official Page

Source-secalert@redhat.com

Published At-29 Oct, 2009 | 14:30

Updated At-13 Feb, 2023 | 02:20

The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>Versions up to 2.6.31(inclusive)

cpe:2.3:o:linux:linux_kernel:*:rc8:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.0

cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.1

cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.2

cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.3

cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.4

cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.5

cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.6

cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.7

cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.8

cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.8.1

cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.9

cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.10

cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11

cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.1

cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.2

cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.3

cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.4

cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.5

cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.6

cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.7

cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.8

cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.9

cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.10

cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.11

cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.11.12

cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12

cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12.1

cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12.2

cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12.3

cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12.4

cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12.5

cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.12.6

cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.13

cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.13.1

cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.13.2

cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.13.3

cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.13.4

cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.13.5

cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14

cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.1

cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.2

cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.3

cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.4

cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.5

cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.6

cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.7

cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.15

cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.15.1

cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.15.2

cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2009-10-30T00:00:00

Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5 as it does not contain the patch that introduced this vulnerability (upstream commit f0a3602c).

References

Hyperlink	Source	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=88c808fd42b53a7e01a2ac3253ef31fef74cb5af	secalert@redhat.com	N/A
http://marc.info/?l=oss-security&m=125626965020571&w=2	secalert@redhat.com	N/A
http://marc.info/?l=oss-security&m=125640417219385&w=2	secalert@redhat.com	N/A
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1	secalert@redhat.com	Vendor Advisory
http://www.securityfocus.com/bid/36805	secalert@redhat.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/53947	secalert@redhat.com	N/A

Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=88c808fd42b53a7e01a2ac3253ef31fef74cb5af

Source: secalert@redhat.com

Resource: N/A

Hyperlink: http://marc.info/?l=oss-security&m=125626965020571&w=2

Source: secalert@redhat.com

Resource: N/A

Hyperlink: http://marc.info/?l=oss-security&m=125640417219385&w=2

Source: secalert@redhat.com

Resource: N/A

Hyperlink: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1

Source: secalert@redhat.com

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/36805

Source: secalert@redhat.com

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/53947

Source: secalert@redhat.com

Resource: N/A