CVE-2009-4031 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-4031 PUBLISHED CVSS 7.800000190734863 HIGH

The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.

EPSS 2.11% · 84.0th percentile

Risk Scores

CVSS v2.0

7.800000190734863

EPSS Score

2.11%

84.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	0, 2.6.32, 2.6.32

Timeline

Nov 27, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

[oss-security] 20091125 Re: CVE request: kernel: KVM: x86 emulator: limit instructions to 15 bytes mailing-list
37720 third-party-advisory
SUSE-SA:2010:018 vendor-advisory
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091125.gz url
oval:org.mitre.oval:def:11089 vdb
[oss-security] 20091125 CVE request: kernel: KVM: x86 emulator: limit instructions to 15 bytes mailing-list
FEDORA-2009-13098 vendor-advisory
http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commit%3Bh=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88 url
37130 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=541160 url
https://nvd.nist.gov/vuln/detail/CVE-2009-4031 advisory
http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commit;h=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88 url

Open in Interactive Console →