The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 prior to 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
canonical ubuntu linux 9.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 6.06 |
||
debian debian linux 5.0 |
||
debian debian linux 4.0 |