Vulnerability Details : CVE-2009-1242
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2009-1242
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
Threat overview for CVE-2009-1242
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2009-1242: 1,532
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-1242
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~32% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-1242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2009-1242
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1242
- Red Hat, 2009-04-07: Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
References for CVE-2009-1242
- http://wiki.rpath.com/Advisories:rPSA-2009-0084 (Broken Link)
- https://bugzilla.redhat.com/show_bug.cgi?id=502109 (Issue Tracking; Patch; Third Party Advisory)
- http://www.ubuntu.com/usn/usn-793-1 "USN-793-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu" (Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1 (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49594 (Third Party Advisory; VDB Entry)
- http://openwall.com/lists/oss-security/2009/04/01/3 (Mailing List; Patch; Third Party Advisory)
- http://www.securityfocus.com/bid/34331 (Third Party Advisory; VDB Entry)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16175a796d061833aacfbd9672235f2d2725df65 (Patch; Vendor Advisory)
- http://www.debian.org/security/2009/dsa-1800 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html "[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:031) - openSUSE Security Announce - openSUSE Mailing Lists" (Mailing List; Third Party Advisory)
- http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html (Mailing List; Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git1.log (Broken Link)
- http://www.vupen.com/english/advisories/2009/0924 (Broken Link)
- http://patchwork.kernel.org/patch/15549/ (Patch; Vendor Advisory)
- http://www.debian.org/security/2009/dsa-1787 "[SECURITY] [DSA 1787-1] New quagga packages fix denial of service" (Third Party Advisory)
- http://www.securityfocus.com/archive/1/503610/100/0/threaded (Third Party Advisory; VDB Entry)
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html (Third Party Advisory)
- http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20090402,8311 (Third Party Advisory)