Bug 377501 - (CVE-2007-5906) CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hypervisor crash) possibility
CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hyperv...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Bill Burns
: Security
Depends On: 386901 386911 390091 390101 390111 390121
  Show dependency treegraph
Reported: 2007-11-12 05:53 EST by Jan Lieskovsky
Modified: 2009-09-10 12:30 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-10 12:30:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2007-11-12 05:53:47 EST
Description of problem:

Xen 3.1.1 allows virtual guest system users to cause a denial of
service (hypervisor crash) by using a debug register (DR7) to set
certain breakpoints. (CVE-2007-5906).
Comment 1 Rik van Riel 2007-11-12 12:19:44 EST
Will this bugzilla get the details needed to fix the bug, once those details
become available?
Comment 3 Jan Lieskovsky 2007-11-16 09:57:18 EST
The official post is here -- there is also patch provided: 
Comment 5 Mark J. Cox (Product Security) 2008-06-25 07:02:25 EDT
Note that the rebase of the Xen hypervisor to 3.1.2 in the 5.2 kernel
(RHBA-2008:0314) caused this issue to be fixed for Enterprise Linux 5.  I'll
therefore update that advisory so that it references this CVE name.
Comment 6 Chris Lalancette 2009-09-10 12:30:52 EDT
This was fixed long ago in all of the relevant released, so I'll close out this tracker bug.

Chris Lalancette

Note You need to log in before you can comment on or make changes to this bug.