Vulnerability Name: CVE-2009-1758 (CCN-50535)

Assigned: 2009-05-13
Published: 2009-05-13
Updated: 2017-09-29
Summary: The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.9 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2009-1758

Source: CCN
Type: Xen-devel Mailing List, Wed, 13 May 2009 15:21:42 +0100
[PATCH] linux/i386: hypervisor_callback adjustments

Source: MLIST
Type: Exploit
[Xen-devel] 20090513 [PATCH] linux/i386: hypervisor_callback adjustments

Source: CCN
Type: RHSA-2009-1106
Important: kernel security and bug fix update

Source: CCN
Type: RHSA-2009-1132
Important: kernel security and bug fix update

Source: CCN
Type: SA35093
Xen "hypervisor_callback()" Denial of Service

Source: SECUNIA
Type: UNKNOWN
35093

Source: SECUNIA
Type: UNKNOWN
35298

Source: CCN
Type: SA36317
Avaya Products Linux Kernel Multiple Vulnerabilities

Source: CCN
Type: ASA-2009-239
kernel security and bug fix update (RHSA-2009-1106)

Source: CCN
Type: ASA-2009-277
kernel security and bug fix update (RHSA-2009-1132)

Source: DEBIAN
Type: UNKNOWN
DSA-1809

Source: MLIST
Type: UNKNOWN
[oss-security] 20090514 CVE Request: XEN local denial of service

Source: CCN
Type: OSVDB ID: 54474
Xen arch/i386/kernel/entry-xen.S hypervisor_callback() Function Local DoS

Source: BID
Type: UNKNOWN
34957

Source: CCN
Type: BID-34957
Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability

Source: CCN
Type: Xen Web site
What is Xen?

Source: XF
Type: UNKNOWN
xen-hypervisorcallback-dos(50535)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10313

Source: SUSE
Type: SUSE-SA:2009:045
Linux kernel local privilege escalation

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:linux:linux_kernel:2.6.18:*:x86_32:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
  • AND
  • cpe:/a:xen:xen:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:xen:xen:*:*:*:*:*:*:*:* (Version <= 3.3.1)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:xensource:xen:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:3.0.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:message_networking:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:-:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:sip_enablement_services:*:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20091758 | V | CVE-2009-1758 | 2017-09-27
    oval:org.mitre.oval:def:28617 | P | RHSA-2009:1106 -- kernel security and bug fix update (Important) | 2015-08-17
    oval:org.mitre.oval:def:8079 | P | DSA-1809 linux-2.6 -- denial of service, privilege escalation | 2014-06-23
    oval:org.mitre.oval:def:13265 | P | DSA-1809-1 linux-2.6 -- denial of service, privilege escalation | 2014-06-23
    oval:org.mitre.oval:def:22334 | P | ELSA-2009:1106: kernel security and bug fix update (Important) | 2014-05-26
    oval:org.mitre.oval:def:10313 | V | The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." | 2013-04-29
    oval:com.redhat.rhsa:def:20091132 | P | RHSA-2009:1132: kernel security and bug fix update (Important) | 2009-06-30
    oval:com.redhat.rhsa:def:20091106 | P | RHSA-2009:1106: kernel security and bug fix update (Important) | 2009-06-16
    oval:org.debian:def:1809 | V | denial of service, privilege escalation | 2009-06-01
    oval:com.ubuntu.precise:def:20091758000 | V | CVE-2009-1758 on Ubuntu 12.04 LTS (precise) - medium. | 2009-05-22
    linux linux kernel 2.6.18
    linux linux kernel 2.6.30 rc4
    xen xen 2.0
    xen xen 3.0.2
    xen xen 3.0.3
    xen xen 3.0.4
    xen xen 3.1.2
    xen xen 3.1.3
    xen xen 3.1.4
    xen xen 3.2
    xen xen 3.2.0
    xen xen 3.2.1
    xen xen 3.2.2
    xen xen 3.2.3
    xen xen 3.3.0
    xen xen *
    xensource xen 3.0.3
    xensource xen 3.1.2
    xensource xen 3.0.2
    xensource xen 3.0.4
    suse suse linux 9.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    avaya message networking 3.1
    redhat enterprise linux 5
    avaya communication manager -
    avaya sip enablement services *
    novell open enterprise server *
    novell opensuse 10.3
    novell opensuse 11.0
    novell suse linux enterprise server 10 sp2