The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
AV:L/AC:L/Au:N/C:N/I:N/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Linux |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-10-29T14:00:00
Updated: 2024-08-07T06:38:29.815Z
Reserved: 2009-10-09T00:00:00
Link: CVE-2009-3640
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-10-29T14:30:01.250
Modified: 2023-02-13T02:20:32.077
Link: CVE-2009-3640
Redhat
No data.