Secunia

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to cause a DoS.

1) An error exists within the "find_ie()" function in net/wireless/scan.c, which can be exploited to trigger an infinite loop by sending specially crafted packets.

Note: This does not affect versions prior to 2.6.30.

2) A boundary error within the "perf_copy_attr()" function in kernel/perf_counter.c can be exploited to cause a buffer overflow by e.g. passing specially crafted data via the "perf_counter_open()" syscall.

Note: This does not affect versions prior to 2.6.31.

3) The "kvm_emulate_hypercall()" function in arch/x86/kvm/x86.c does not reject MMU hypercalls from unprivileged guests, which can be exploited to e.g. crash a guest kernel.

4) The "handle_dr()" function in arch/x86/kvm/vmx.c does not properly check the current privilege level before emulating access to debug registers, which can be exploited to e.g. set hardware breakpoints from userspace.

Solution
Update to version 2.6.31.1.

Provided and/or discovered by
1) Bob Copeland
2) Xiao Guangrong
3) Jan Kiszka
4) Reported by the vendor.

Changelog
Further details available in Customer Area

Original Advisory
1) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a
2) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b3e62e35058fc744ac794611f4e79bcd1c5a4b83
3) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
4) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0a79b009525b160081d75cef5dbf45817956acf2

Deep Links
Links available in Customer Area