CVE-2009-1758 - The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.3

CVE-2009-1758

Summary

The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.18:*:x86_32:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:*:x86_32:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
cpe:2.3:a:xen:xen:2.0:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:2.0:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:*:*:*:*:*:*:*:*
cpe:2.3:a:xen:xen:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 29-09-2017 - 01:34)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-04-29T04:04:31.508-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10313

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

bugzilla

id	502981
title	CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

comment kernel earlier than 0:2.6.9-89.0.3.EL is currently running
oval oval:com.redhat.rhsa:tst:20091132023
comment kernel earlier than 0:2.6.9-89.0.3.EL is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20091132024

AND
comment kernel is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132001
comment kernel is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304002
AND
comment kernel-devel is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132003
comment kernel-devel is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304004
AND
comment kernel-doc is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132005
comment kernel-doc is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304006
AND
comment kernel-hugemem is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132007
comment kernel-hugemem is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304008

AND

comment kernel-hugemem-devel is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132009
comment kernel-hugemem-devel is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304010

AND
comment kernel-largesmp is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132011
comment kernel-largesmp is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304012

AND

comment kernel-largesmp-devel is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132013
comment kernel-largesmp-devel is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304014

AND
comment kernel-smp is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132015
comment kernel-smp is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304016

AND

comment kernel-smp-devel is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132017
comment kernel-smp-devel is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304018

AND
comment kernel-xenU is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132019
comment kernel-xenU is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304020

AND

comment kernel-xenU-devel is earlier than 0:2.6.9-89.0.3.EL
oval oval:com.redhat.rhsa:tst:20091132021
comment kernel-xenU-devel is signed with Red Hat master key
oval oval:com.redhat.rhba:tst:20070304022

rhsa

id	RHSA-2009:1132
released	2009-06-30
severity	Important
title	RHSA-2009:1132: kernel security and bug fix update (Important)

rpms

kernel-0:2.6.18-128.1.14.el5
kernel-PAE-0:2.6.18-128.1.14.el5
kernel-PAE-debuginfo-0:2.6.18-128.1.14.el5
kernel-PAE-devel-0:2.6.18-128.1.14.el5
kernel-debug-0:2.6.18-128.1.14.el5
kernel-debug-debuginfo-0:2.6.18-128.1.14.el5
kernel-debug-devel-0:2.6.18-128.1.14.el5
kernel-debuginfo-0:2.6.18-128.1.14.el5
kernel-debuginfo-common-0:2.6.18-128.1.14.el5
kernel-devel-0:2.6.18-128.1.14.el5
kernel-doc-0:2.6.18-128.1.14.el5
kernel-headers-0:2.6.18-128.1.14.el5
kernel-kdump-0:2.6.18-128.1.14.el5
kernel-kdump-debuginfo-0:2.6.18-128.1.14.el5
kernel-kdump-devel-0:2.6.18-128.1.14.el5
kernel-xen-0:2.6.18-128.1.14.el5
kernel-xen-debuginfo-0:2.6.18-128.1.14.el5
kernel-xen-devel-0:2.6.18-128.1.14.el5
kernel-0:2.6.9-89.0.3.EL
kernel-debuginfo-0:2.6.9-89.0.3.EL
kernel-devel-0:2.6.9-89.0.3.EL
kernel-doc-0:2.6.9-89.0.3.EL
kernel-hugemem-0:2.6.9-89.0.3.EL
kernel-hugemem-devel-0:2.6.9-89.0.3.EL
kernel-largesmp-0:2.6.9-89.0.3.EL
kernel-largesmp-devel-0:2.6.9-89.0.3.EL
kernel-smp-0:2.6.9-89.0.3.EL
kernel-smp-devel-0:2.6.9-89.0.3.EL
kernel-xenU-0:2.6.9-89.0.3.EL
kernel-xenU-devel-0:2.6.9-89.0.3.EL

refmap via4

bid	34957
debian	DSA-1809
mlist	[Xen-devel] 20090513 [PATCH] linux/i386: hypervisor_callback adjustments [oss-security] 20090514 CVE Request: XEN local denial of service
secunia	35093 35298

statements via4

contributor	Tomas Hoger
lastmodified	2009-09-10
organization	Red Hat
statement	This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2009-1132.html and https://rhn.redhat.com/errata/RHSA-2009-1106.html .

Last major update

29-09-2017 - 01:34

Published

22-05-2009 - 11:52

Last modified

29-09-2017 - 01:34