The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation.

#### Notes

Author | Note
---|---
[kees](<https://launchpad.net/~kees>) | guest can crash host
[smb](<https://launchpad.net/~smb>) | Looking at the Red Hat Bugzilla, it says: "If emulator is tricked into emulating mov to/from DR instruction it causes NULL pointer dereference on VMX since kvm_x86_ops->(set\|get)_dr are not initialized." Now before v2.6.36-rc1 KVM has no ops->(set\|get)_dr but calls the function directly. So that Oops cannot happen.
[kees](<https://launchpad.net/~kees>) | But a fix was included for Lucid anyway?
[smb](<https://launchpad.net/~smb>) | It was by upstream. Now pulled that change back to Hardy and Karmic. I believe the reference in the backport is pointing to upstream commit 020df0794f5764e742feaa718be88b8f1b4ce04f, which was part of 2.6.35-rc1.
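The mechanism quoted in the notes is a dispatch through an uninitialised vendor hook: the x86 emulator handles `mov` to/from a debug register by calling the backend's `set_dr`/`get_dr` member, and on VMX those members were left NULL, so a guest instruction turns into a NULL function-pointer call in host context. The following C program is an added example written for this page; it is neither KVM's code nor the upstream change smb references. It models the ops-table pattern with hypothetical names (`struct x86_ops_model`, `emulate_mov_to_dr`, `count_missing_dr_hooks`, the `svm_like_ops`/`vmx_like_ops` tables) and shows the two checks a backend author wants: a registration-time count of hooks left NULL, and an emulation entry that fails the instruction instead of jumping through a missing hook.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of a KVM-style per-vendor ops table.
 * All names here are invented for this example; they are not KVM's types. */
struct vcpu_model {
    uint64_t dr[8];                     /* DR0..DR7 shadow state */
};

struct x86_ops_model {
    const char *name;
    int (*set_dr)(struct vcpu_model *v, int dr, uint64_t val);
    int (*get_dr)(struct vcpu_model *v, int dr, uint64_t *val);
};

/* Emulator result codes, modelled on a continue/unhandleable split. */
enum { EMUL_CONTINUE = 0, EMUL_UNHANDLEABLE = 1 };

/* Backend that implements both hooks (the "SVM-like" case). */
static int model_set_dr(struct vcpu_model *v, int dr, uint64_t val)
{
    if (dr < 0 || dr > 7)
        return -1;
    v->dr[dr] = val;
    return 0;
}

static int model_get_dr(struct vcpu_model *v, int dr, uint64_t *val)
{
    if (dr < 0 || dr > 7)
        return -1;
    *val = v->dr[dr];
    return 0;
}

const struct x86_ops_model svm_like_ops = { "svm-like", model_set_dr, model_get_dr };

/* Backend that never filled in the DR hooks: the situation the advisory
 * describes for VMX. An unconditional ops->set_dr(...) through this table
 * is the host-side NULL pointer dereference. */
const struct x86_ops_model vmx_like_ops = { "vmx-like", NULL, NULL };

/* Registration-time check: how many DR hooks did the backend leave NULL?
 * Catching this when the backend is wired up is cheaper than letting a
 * guest find it by executing the instruction. */
int count_missing_dr_hooks(const struct x86_ops_model *ops)
{
    return (ops->set_dr == NULL) + (ops->get_dr == NULL);
}

/* Guarded emulation entry points: a guest-triggerable path must fail the
 * emulation (so the caller can inject a fault or exit to userspace) rather
 * than call through a NULL function pointer in host context. */
int emulate_mov_to_dr(const struct x86_ops_model *ops, struct vcpu_model *v,
                      int dr, uint64_t val)
{
    if (ops->set_dr == NULL)
        return EMUL_UNHANDLEABLE;
    if (ops->set_dr(v, dr, val) != 0)
        return EMUL_UNHANDLEABLE;
    return EMUL_CONTINUE;
}

int emulate_mov_from_dr(const struct x86_ops_model *ops, struct vcpu_model *v,
                        int dr, uint64_t *val)
{
    if (ops->get_dr == NULL)
        return EMUL_UNHANDLEABLE;
    if (ops->get_dr(v, dr, val) != 0)
        return EMUL_UNHANDLEABLE;
    return EMUL_CONTINUE;
}

int main(void)
{
    struct vcpu_model v = { { 0 } };
    uint64_t out = 0;
    const struct x86_ops_model *tables[] = { &svm_like_ops, &vmx_like_ops };
    size_t i;

    for (i = 0; i < 2; i++) {
        const struct x86_ops_model *ops = tables[i];
        /* Constructed guest action: "mov %rax,%dr0" with rax=0x1234, then "mov %dr0,%rbx". */
        int wr = emulate_mov_to_dr(ops, &v, 0, 0x1234);
        int rd = emulate_mov_from_dr(ops, &v, 0, &out);
        printf("%s: missing hooks=%d, mov-to-dr=%s, mov-from-dr=%s, dr0=0x%llx\n",
               ops->name, count_missing_dr_hooks(ops),
               wr == EMUL_CONTINUE ? "continue" : "unhandleable",
               rd == EMUL_CONTINUE ? "continue" : "unhandleable",
               (unsigned long long)v.dr[0]);
    }
    return 0;
}
```

The guard is one way to close this class of bug; the upstream change smb cites took its own route, and the point of the example is only that every guest-reachable call through a vendor hook must either be proven non-NULL at registration or checked at the call site.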

#### Affected Package

OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | 08.04 | linux | 2.6.24-28.86
ubuntu | 09.10 | linux | 2.6.31-22.73
ubuntu | 10.04 | linux | 2.6.32-28.55
ubuntu | upstream | linux | 2.6.36~rc1
ubuntu | 10.04 | linux-ec2 | 2.6.32-312.24
ubuntu | upstream | linux-ec2 | 2.6.36~rc1
ubuntu | 09.10 | linux-fsl-imx51 | 2.6.31-112.30
ubuntu | upstream | linux-fsl-imx51 | 2.6.36~rc1
ubuntu | upstream | linux-lts-backport-maverick | 2.6.36~rc1
ubuntu | upstream | linux-mvl-dove | 2.6.36~rc1
ubuntu | upstream | linux-source-2.6.15 | 2.6.36~rc1
ubuntu | upstream | linux-ti-omap4 | 2.6.36~rc1