CVE-2009-4031
6.2 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
60.7%
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | eq | 2.6.32 |
References
git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commit%3Bh=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88
lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html
secunia.com/advisories/37720
www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091125.gz
www.openwall.com/lists/oss-security/2009/11/25/1
www.openwall.com/lists/oss-security/2009/11/25/3
www.securityfocus.com/bid/37130
bugzilla.redhat.com/show_bug.cgi?id=541160
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11089
www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html
Social References
More
Related
6.2 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
60.7%