Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 277372 (CVE-2009-1758) - Kernel: sys-kernel/xen-sources app-emulation/xen-3.4.0 hypervisor_callback DOS (CVE-2009-1758)
Summary: Kernel: sys-kernel/xen-sources app-emulation/xen-3.4.0 hypervisor_callback DO...
Status: RESOLVED FIXED
Alias: CVE-2009-1758
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: [xen <3.4.0]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-10 23:11 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-16 00:47 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-07-10 23:11:13 UTC 
CVE-2009-1758 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1758):
  The hypervisor_callback function in Xen, possibly before 3.4.0, as
  applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other
  versions allows guest user applications to cause a denial of service
  (kernel oops) of the guest OS by triggering a segmentation fault in
  "certain address ranges."
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-07-10 23:12:09 UTC 
I'm not sure about the category, xen herd, please correct me if needed...
Comment 2 Bjoern Tropf (RETIRED) gentoo-dev 2009-07-23 21:03:13 UTC 
Whiteboard taken from CVE description.
([xen >=2.6] does not make sense)
Comment 3 Patrick Lauer gentoo-dev 2009-08-17 16:09:28 UTC 
3.4.1 is in tree
Comment 4 Wolfram Schlich (RETIRED) gentoo-dev 2009-09-02 09:50:59 UTC 
looks like xen-sources is the affected piece of software,
not the xen hypervisor (from app-emulation/xen)?!
Comment 5 DEMAINE Benoît-Pierre, aka DoubleHP 2010-02-27 23:47:59 UTC 
Which kernel version is affected ?
Comment 6 Alexey Shvetsov archtester gentoo-dev 2011-03-26 11:39:51 UTC 
Xen 4.1 in tree. Please test with it and reopen if it doesnt work
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2011-03-29 19:42:34 UTC 
Only security closes security bugs. Thanks.
Comment 8 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-16 00:47:14 UTC 
And security is closing the bug now.