Vulnerability Details : CVE-2009-1758
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2009-1758
- cpe:2.3:a:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:xen:xen:3.0.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1758
- 0.12%: probability of exploitation activity in the next 30 days
- ~ 44%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1758
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-1758
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1758
- Red Hat 2009-09-10: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2009-1132.html and https://rhn.redhat.com/errata/RHSA-2009-1106.html .
References for CVE-2009-1758
- http://www.debian.org/security/2009/dsa-1809
- http://www.openwall.com/lists/oss-security/2009/05/14/2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10313
- http://lists.xensource.com/archives/html/xen-devel/2009-05/msg00561.html
  Exploit
- http://www.securityfocus.com/bid/34957