CVE-2009-3290 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2009-3290?

CVE-2009-3290 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3290?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 2.6.30

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2009-3290?

CVE-2009-3290 is a vulnerability with a CVSS score of 7.2 (HIGH). The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls...

How severe is CVE-2009-3290?

CVE-2009-3290 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3290?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.