Vulnerability Details : CVE-2009-3290
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
Vulnerability category: Denial of service
Products affected by CVE-2009-3290
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.25:rc1:*:*:*:*:*:*
Threat overview for CVE-2009-3290
Top countries where our scanners detected CVE-2009-3290
Top open port discovered on systems with this issue
52869
IPs affected by CVE-2009-3290 14,955
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-3290!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-3290
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3290
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2009-3290
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-3290
-
Red Hat 2009-09-22Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-3290 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as KVM (Kernel-based Virtual Machine) is only supported in Red Hat Enterprise Linux 5. A future kernel update in Red Hat Enterprise Linux 5 will address this flaw.
References for CVE-2009-3290
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=07708c4af1346ab1521b26a202f438366b7bcffd
-
http://www.redhat.com/support/errata/RHSA-2009-1465.html
Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=524124
-
http://patchwork.kernel.org/patch/38926/
Patch
-
http://www.openwall.com/lists/oss-security/2009/09/22/8
-
http://www.openwall.com/lists/oss-security/2009/09/21/1
-
http://www.openwall.com/lists/oss-security/2009/09/18/1
-
http://www.ubuntu.com/usn/USN-852-1
USN-852-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11328
Jump to