CVE-2009-4004
Description
Buffer overflow in KVM's KVM_X86_SETUP_MCE IOCTL allows local users to cause memory corruption or gain privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow exists in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the Linux kernel's KVM subsystem before version 2.6.32-rc7. The vulnerability occurs when a local user sends a KVM_X86_SETUP_MCE IOCTL request specifying a large number of Machine Check Exception (MCE) banks, which overflows a fixed-size buffer. This code path is reachable via direct IOCTL calls to KVM devices. [1]
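The defect class described above is a user-controlled count being used to index a fixed-size per-vCPU array without an upper-bound check. The following is an added illustration of the hardened pattern, not the kernel's own code: the struct layout, the per-bank entry stride, the constant values and the function names are assumptions chosen to mirror the CVE description. The bank count is taken from the low byte of the caller-supplied `mcg_cap` and rejected before any write if it is zero or exceeds the supported maximum.

```c
/* Illustrative reconstruction of a KVM_X86_SETUP_MCE bank-count check.
 * Added example, not the kernel's code: the struct, the bank layout and
 * the helper names are assumptions that mirror the CVE description. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KVM_MAX_MCE_BANKS   32   /* assumed maximum number of supported banks */
#define MCE_REGS_PER_BANK    4   /* assumed: CTL/STATUS/ADDR/MISC per bank */

struct vcpu_mce_state {
    uint64_t mcg_cap;
    uint64_t mce_banks[KVM_MAX_MCE_BANKS * MCE_REGS_PER_BANK];
};

/* Hardened form: validate the bank count from the low byte of mcg_cap
 * before touching the fixed-size array. Without the upper-bound check a
 * count of up to 255 would index past the KVM_MAX_MCE_BANKS entries,
 * which is the memory corruption the CVE describes. */
int setup_mce_checked(struct vcpu_mce_state *v, uint64_t mcg_cap)
{
    unsigned bank_num = mcg_cap & 0xff;

    if (bank_num == 0 || bank_num > KVM_MAX_MCE_BANKS)
        return -EINVAL;          /* reject before any state is modified */

    v->mcg_cap = mcg_cap;
    /* Initialize the control register of each requested bank to all ones. */
    for (unsigned bank = 0; bank < bank_num; bank++)
        v->mce_banks[bank * MCE_REGS_PER_BANK] = ~(uint64_t)0;
    return 0;
}

/* Count how many bank control registers have been initialized; a rejected
 * request must leave this unchanged. */
unsigned count_initialized_banks(const struct vcpu_mce_state *v)
{
    unsigned n = 0;
    for (unsigned bank = 0; bank < KVM_MAX_MCE_BANKS; bank++)
        if (v->mce_banks[bank * MCE_REGS_PER_BANK] == ~(uint64_t)0)
            n++;
    return n;
}

int main(void)
{
    struct vcpu_mce_state v;
    memset(&v, 0, sizeof v);
    printf("banks=8   -> %d\n", setup_mce_checked(&v, 8));     /* 0 */
    printf("banks=255 -> %d\n", setup_mce_checked(&v, 0xff));  /* -EINVAL */
    printf("initialized=%u\n", count_initialized_banks(&v));   /* 8 */
    return 0;
}
```

The check sits before the first write on purpose: a validation placed after partial initialization would still corrupt memory before returning an error, so any audit of similar IOCTL handlers should confirm that the bound is enforced on entry and that the limit matches the actual array size.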
Exploitation
An attacker needs local access to the system and the ability to open a KVM device file (e.g., /dev/kvm). The exploit involves crafting a KVM_X86_SETUP_MCE IOCTL with a large value in the bank count field, triggering the buffer overflow during memory copy operations. No special privileges beyond local user access are required. [1]
Impact
Successful exploitation can cause memory corruption leading to a denial of service (system crash) or potentially allow an attacker to gain elevated privileges (root). The overflow targets kernel memory, giving the attacker control over execution flow. [1]
Mitigation
The fix was included in Linux kernel version 2.6.32-rc7, released November 2009. Users should upgrade to a kernel version 2.6.32-rc7 or later. No workaround is available; the affected code is removed in the fixed version. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: <=2.6.31.14)
- cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc6:*:*:*:*:*:*
- (no CPE) range: <2.6.32-rc7
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- secunia.com/advisories/37357 (nvd; Broken Link; Vendor Advisory)
- www.securityfocus.com/bid/37035 (nvd; Third Party Advisory; VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/54302 (nvd; Third Party Advisory; VDB Entry)
- www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc7 (nvd; Broken Link)
- www.vupen.com/english/advisories/2009/3267 (nvd; Broken Link)
- git.kernel.org (nvd)
News mentions
No linked articles in our index yet.