CVE-2009-3640

Name	CVE-2009-3640
Description	The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	557737

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
kvm	source	lenny	(not affected)
kvm	source	(unstable)	88+dfsg-2	medium	557737
linux-2.6	source	etch	(not affected)
linux-2.6	source	lenny	(not affected)
linux-2.6	source	(unstable)	2.6.31-1	medium
linux-2.6.24	source	(unstable)	(not affected)

Notes

[lenny] - linux-2.6 <not-affected> (introduced post 2.6.27)
[etch] - linux-2.6 <not-affected> (introduced post 2.6.27)
- linux-2.6.24 <not-affected> (introduced post 2.6.27)
[lenny] - kvm <not-affected> (Vulnerable code not present)