Debian Security Advisory 1907 kvm – several vulnerabilities

36
Article Source Debian Security Advisories
October 12, 2009, 5:00 pm

 

Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-5714

    Chris Webb discovered an off-by-one bug limiting KVM’s VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

  • CVE-2009-3290

    It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory…