Input validation error in Xen - CVE-2006-0744
Published: April 18, 2006 / Updated: July 28, 2020
Vulnerability identifier: #VU32790
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2006-0744
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
How to mitigate CVE-2006-0744
Install update from vendor's website.
Sources
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5
- http://lwn.net/Alerts/180820/
- http://secunia.com/advisories/19639
- http://secunia.com/advisories/19735
- http://secunia.com/advisories/20157
- http://secunia.com/advisories/20237
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/20716
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21136
- http://secunia.com/advisories/21179
- http://secunia.com/advisories/21498
- http://secunia.com/advisories/21745
- http://secunia.com/advisories/21983
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
- http://www.debian.org/security/2006/dsa-1103
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
- http://www.novell.com/linux/security/advisories/2006_42_kernel.html
- http://www.novell.com/linux/security/advisories/2006_47_kernel.html
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/24639
- http://www.redhat.com/support/errata/RHSA-2006-0437.html
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://www.securityfocus.com/bid/17541
- http://www.ubuntu.com/usn/usn-302-1
- http://www.vupen.com/english/advisories/2006/1390
- http://www.vupen.com/english/advisories/2006/1475
- http://www.vupen.com/english/advisories/2006/2554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25869
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9732