Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 277372 (CVE-2009-1758)

Summary: Kernel: sys-kernel/xen-sources app-emulation/xen-3.4.0 hypervisor_callback DOS (CVE-2009-1758)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: KernelAssignee: Gentoo Security <security>
Severity: minor CC: dhp_gentoo, gentoo-bugs, xen
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [xen <3.4.0]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-07-10 23:11:13 UTC
CVE-2009-1758 (
  The hypervisor_callback function in Xen, possibly before 3.4.0, as
  applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other
  versions allows guest user applications to cause a denial of service
  (kernel oops) of the guest OS by triggering a segmentation fault in
  "certain address ranges."
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-07-10 23:12:09 UTC
I'm not sure about the category, xen herd, please correct me if needed...
Comment 2 Bjoern Tropf (RETIRED) gentoo-dev 2009-07-23 21:03:13 UTC
Whiteboard taken from CVE description.
([xen >=2.6] does not make sense)
Comment 3 Patrick Lauer gentoo-dev 2009-08-17 16:09:28 UTC
3.4.1 is in tree
Comment 4 Wolfram Schlich (RETIRED) gentoo-dev 2009-09-02 09:50:59 UTC
looks like xen-sources is the affected piece of software,
not the xen hypervisor (from app-emulation/xen)?!
Comment 5 DEMAINE BenoƮt-Pierre, aka DoubleHP 2010-02-27 23:47:59 UTC
Which kernel version is affected ?
Comment 6 Alexey Shvetsov archtester gentoo-dev 2011-03-26 11:39:51 UTC
Xen 4.1 in tree. Please test with it and reopen if it doesnt work
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2011-03-29 19:42:34 UTC
Only security closes security bugs. Thanks.
Comment 8 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-16 00:47:14 UTC
And security is closing the bug now.