4.9
CVE-2009-1242
- EPSS 0.47%
- Veröffentlicht 06.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.29.1
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Fedoraproject ≫ Fedora Version10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.371 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/34981
http://www.debian.org/security/2009/dsa-1787
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://secunia.com/advisories/35394
http://secunia.com/advisories/35120
http://secunia.com/advisories/35121
http://wiki.rpath.com/Advisories:rPSA-2009-0084
http://www.debian.org/security/2009/dsa-1800
http://www.securityfocus.com/archive/1/503610/100/0/threaded
http://secunia.com/advisories/35656
http://www.ubuntu.com/usn/usn-793-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16175a796d061833aacfbd9672235f2d2725df65
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
http://openwall.com/lists/oss-security/2009/04/01/3
http://patchwork.kernel.org/patch/15549/
http://secunia.com/advisories/34478
http://secunia.com/advisories/35226
http://secunia.com/advisories/35387
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585
http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20090402%2C8311
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git1.log
http://www.securityfocus.com/bid/34331
http://www.vupen.com/english/advisories/2009/0924
https://bugzilla.redhat.com/show_bug.cgi?id=502109
https://exchange.xforce.ibmcloud.com/vulnerabilities/49594
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html