PT-2009-6198 · Linux · Linux Kernel

Published: 2009-11-20 · Updated: 2020-08-12 · CVE-2009-4004

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.32-rc7

Description: A buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function can cause memory corruption or potentially allow local users to gain privileges. The overflow is triggered by a KVM_X86_SETUP_MCE ioctl request that specifies a large number of Machine Check Exception (MCE) banks.

Recommendations: For Linux kernel versions prior to 2.6.32-rc7, update to version 2.6.32-rc7 or later to resolve the issue.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-4004

Affected Products

Linux Kernel