CVE-2009-1242 — MEDIUM (4.9)

Q: How severe is CVE-2009-1242?

CVE-2009-1242 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-1242?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Debian Debian Linux, Canonical Ubuntu Linux, Fedoraproject Fedora.

Vulnerability Description

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.29.1
Opensuse	Opensuse	11.0
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06
Fedoraproject	Fedora	10

Related Weaknesses (CWE)

CWE-20

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2009/04/01/3Mailing ListPatchThird Party Advisory
http://patchwork.kernel.org/patch/15549/PatchVendor Advisory
http://secunia.com/advisories/34478Third Party Advisory
http://secunia.com/advisories/34981Third Party Advisory
http://secunia.com/advisories/35120Third Party Advisory
http://secunia.com/advisories/35121Third Party Advisory
http://secunia.com/advisories/35226Third Party Advisory
http://secunia.com/advisories/35387Third Party Advisory
http://secunia.com/advisories/35394Third Party Advisory
http://secunia.com/advisories/35656Third Party Advisory
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0084Broken Link

FAQ

What is CVE-2009-1242?

CVE-2009-1242 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of servic...

How severe is CVE-2009-1242?

CVE-2009-1242 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1242?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Debian Debian Linux, Canonical Ubuntu Linux, Fedoraproject Fedora.