Vulnerability Description
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xensource | Xen Para Virtualized Frame Buffer | All versions |
Related Weaknesses (CWE)
References
- http://lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html
- http://secunia.com/advisories/32088 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2008/05/21/9 (Patch)
- http://www.securityfocus.com/bid/30646
- http://www.securitytracker.com/id?1020957
- http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43362
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://rhn.redhat.com/errata/RHSA-2008-0892.html
FAQ
What is CVE-2008-1952?
CVE-2008-1952 is a vulnerability with a CVSS score of 2.1 (LOW). The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping...
How severe is CVE-2008-1952?
CVE-2008-1952 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-1952?
Check the references section above for vendor advisories and patch information. Affected products include: Xensource Xen Para Virtualized Frame Buffer.