CVE-2009-3640

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.32-rc1

Description The issue is related to the KVM subsystem in the Linux kernel, where the update cr8 intercept function does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC). This can allow local users to cause a denial of service, resulting in a NULL pointer dereference and system crash, or possibly gain privileges via a call to the kvm vcpu ioctl function.

Recommendations For Linux kernel versions prior to 2.6.32-rc1, update to version 2.6.32-rc1 or later to resolve the issue.