Bug 541160 (CVE-2009-4031) - CVE-2009-4031 kernel: KVM: x86 emulator: limit instructions to 15 bytes
Summary: CVE-2009-4031 kernel: KVM: x86 emulator: limit instructions to 15 bytes
Alias: CVE-2009-4031
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 541164 541165 545637 545645
TreeView+ depends on / blocked
Reported: 2009-11-25 05:03 UTC by Eugene Teo (Security Response)
Modified: 2021-11-29 17:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1659 0 normal SHIPPED_LIVE Moderate: kvm security and bug fix update 2009-12-09 16:28:49 UTC
Red Hat Product Errata RHSA-2009:1692 0 normal SHIPPED_LIVE Important: rhev-hypervisor security and bug fix update 2009-12-23 14:05:01 UTC

Description Eugene Teo (Security Response) 2009-11-25 05:03:06 UTC
Description of problem:
While we are never normally passed an instruction that exceeds 15 bytes, smp games can cause us to attempt to interpret one, which will cause large latencies in non-preempt hosts.

Upstream commit:

Comment 4 Jan Lieskovsky 2009-11-30 13:55:59 UTC
Mitre's CVE-2009-4031 record:

The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86
emulator in the KVM subsystem in the Linux kernel before
2.6.32-rc8-next-20091125 tries to interpret instructions that contain
too many bytes to be valid, which allows guest OS users to cause a
denial of service (increased scheduling latency) on the host OS via
unspecified manipulations related to SMP support.


Comment 9 errata-xmlrpc 2009-12-09 16:28:52 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1659 https://rhn.redhat.com/errata/RHSA-2009-1659.html

Comment 10 Fedora Update System 2009-12-10 22:54:33 UTC
kernel- has been submitted as an update for Fedora 10.

Comment 11 Fedora Update System 2009-12-11 18:26:13 UTC
kernel- has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 errata-xmlrpc 2009-12-23 14:05:07 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Virtualization for RHEL-5

Via RHSA-2009:1692 https://rhn.redhat.com/errata/RHSA-2009-1692.html

Comment 13 Aristeu Rozanski 2010-01-26 13:08:58 UTC
Patch present on current RHEL6 git tree.

Note You need to log in before you can comment on or make changes to this bug.