Bug 377501 (CVE-2007-5906) - CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hypervisor crash) possibility
Summary: CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hyperv...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2007-5906
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Bill Burns
QA Contact:
URL:
Whiteboard:
Depends On: 386901 386911 390091 390101 390111 390121
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-12 10:53 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:22 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-10 16:30:52 UTC
Embargoed:

Attachments (Terms of Use)

Description Jan Lieskovsky 2007-11-12 10:53:47 UTC 
Description of problem:

Xen 3.1.1 allows virtual guest system users to cause a denial of
service (hypervisor crash) by using a debug register (DR7) to set
certain breakpoints. (CVE-2007-5906).
Comment 1 Rik van Riel 2007-11-12 17:19:44 UTC 
Will this bugzilla get the details needed to fix the bug, once those details
become available?
Comment 3 Jan Lieskovsky 2007-11-16 14:57:18 UTC 
The official post is here -- there is also patch provided: 
 
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html
Comment 5 Mark J. Cox 2008-06-25 11:02:25 UTC 
Note that the rebase of the Xen hypervisor to 3.1.2 in the 5.2 kernel
(RHBA-2008:0314) caused this issue to be fixed for Enterprise Linux 5.  I'll
therefore update that advisory so that it references this CVE name.
Comment 6 Chris Lalancette 2009-09-10 16:30:52 UTC 
This was fixed long ago in all of the relevant released, so I'll close out this tracker bug.

Chris Lalancette
Note You need to log in before you can comment on or make changes to this bug.