kvm
Jakob Lell from the TU Berlin computer security working group (http://www.agrs.tu-berlin.de/v-menue/ag_rechnersicherheit/parameter/en/) has discovered multiple vulnerabilities in several ATEN IP KVM Switches.
Affected products:
- ATEN KH1516i IP KVM Switch (browser firmware version 1.0.063)
- ATEN KN9116 IP KVM Switch (firmware version 1.1.104)
- Aten PN9108 Power over the NET (only CVE-2009-1477)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Qemu and KVM VNC server remote DoS
1. *Advisory Information*
===========================================================
Ubuntu Security Notice USN-776-2 May 13, 2009
kvm regression
https://launchpad.net/bugs/375937
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-776-1 May 12, 2009
kvm vulnerabilities
CVE-2008-1945, CVE-2008-2004, CVE-2008-2382, CVE-2008-4539,
CVE-2008-5714
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Debian Security Advisory DSA-2010 security@debian.org
http://www.debian.org/security/ Dann Frazier
March 10, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kvm
Vulnerability : privilege escalation/denial of service
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0298 CVE-2010-0306 CVE-2010-0309 CVE-2010-0419
Debian Security Advisory DSA-1907-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
October 13, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kvm
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
Debian bugs : 509997 548975
CVE Ids : CVE-2008-5714 CVE-2009-3290
Debian Security Advisory DSA-1962 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 23, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kvm
Vulnerability : several vulnerabilities
Problem type : local
Debian-specific: no
Debian bugs : 557739 562075 562076
CVE Ids : CVE-2009-3638 CVE-2009-3722 CVE-2009-4031
This is Technical Support Team from ATEN.
Firstly, we appreciate all suggestions from the Germany TUB LAB. Undoubtedly, guaranteeing our KVM products with a robust security mechanism is our responsibility.
After discussing with the Germany TUB LAB, we believe all security issues could be fixed by the new firmware versions below.
- KH1508i/KH1516i v1.0.068
- KN9108/KN9116 v1.1.109
- PN9108 v1.8.179
all the necessary changes.
Details follow:
USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for
CVE-2010-0419 caused failures when using KVM in certain situations.
This update reverts that fix until a better solution can be found.
We apologize for the inconvenience.
Original advisory details:
Debian Security Advisory DSA-1846-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
July 28, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kvm
Vulnerability : denial of service
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-2287
Mandriva Linux Security Advisory MDVSA-2009:009
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kvm
Date : January 14, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
that allow local users to cause a denial of service (system panic)
or obtain elevated privileges.
CVE-2010-0298 & CVE-2010-0306
Gleb Natapov discovered issues in the KVM subsystem where missing
permission checks (CPL/IOPL) permit a user in a guest system to
cause a denial of service of the guest (system crash) or gain
escalated privileges within the guest.
CVE-2010-0307
with corrupted permissions, possibly granting unintentional
privileges to other local users.
CVE-2009-3290
Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM
does not prevent access to MMU hypercalls from ring 0, which
allows local guest OS users to cause a denial of service (guest
kernel crash) and read or write guest kernel memory.
CVE-2009-3613
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.
CVE-2009-2287
Matt T. Yourst discovered an issue in the kvm subsystem. Local
users with permission to manipulate /dev/kvm can cause a denial
of service (hang) by providing an invalid cr3 value to the
KVM_SET_SREGS call.
CVE-2009-2406
uninitialized memory.
CVE-2009-1242
Benjamin Gilbert reported a local denial of service vulnerability
in the KVM VMX implementation that allows local users to trigger
an oops.
CVE-2009-1265
Thomas Pollet reported an overflow in the af_rose implementation
Description
***********
The BladeCenter management module is a hot-swappable hardware device plugged into the BladeCenter
chassis management bay. The management module functions as a system-management processor (service processor)
and keyboard, video, and mouse (KVM) multiplexor for blade servers. This device can be remotely rebooted.
Details
*******
Details in official Advisory http://dsecrg.com/pages/vul/show.php?id=149
local users to cause a denial of service (system hang) by creating an
abstract-namespace AF_UNIX listening socket, performing a shutdown
operation on this socket, and then performing a series of connect
operations to this socket. (CVE-2009-3621)
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function
in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel
before 2.6.31.4 allows local users to have an unspecified impact
via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl
function. (CVE-2009-3638)
(kernel OOPS) and possibly execute arbitrary code via unspecified
vectors that cause a negative dentry and trigger a NULL pointer
dereference, as demonstrated via a Mutt temporary directory in an
eCryptfs mount. (CVE-2009-2908)
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in
the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when
running on x86 systems, does not prevent access to MMU hypercalls
from ring 0, which allows local guest OS users to cause a denial of
service (guest kernel crash) and read or write guest kernel memory
via unspecified random addresses. (CVE-2009-3290)
socket implementation. Local users can exploit this vulnerability
to cause a denial of service (system hang).
CVE-2009-3638
David Wagner reported an overflow in the KVM subsystem on i386
systems. This issue is exploitable by local users with access to
the /dev/kvm device file.
For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-19lenny2.