7.8
CVE-2009-4031
- EPSS 2.23%
- Published 29.11.2009 13:07:32
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.32
Linux ≫ Linux Kernel Version2.6.32 Update-
Linux ≫ Linux Kernel Version2.6.32 Updaterc1
Linux ≫ Linux Kernel Version2.6.32 Updaterc2
Linux ≫ Linux Kernel Version2.6.32 Updaterc3
Linux ≫ Linux Kernel Version2.6.32 Updaterc4
Linux ≫ Linux Kernel Version2.6.32 Updaterc5
Linux ≫ Linux Kernel Version2.6.32 Updaterc6
Linux ≫ Linux Kernel Version2.6.32 Updaterc7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.23% | 0.83 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.