Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6207

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2007-6207
Last Modified 21 Aug 2010 01:13:49
Published 03 Dec 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6207

Summary

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.

Vulnerable Systems

Application

  • Xensource Inc Xen 3.1.1


References

MISC - http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html

BID - 26716

REDHAT - RHSA-2008:0154

SECUNIA - 29236

SECUNIA - 27915

OSVDB - 41341

MLIST - 20071021 [Xen-ia64-devel] PATCH: check r2 value for VTi mov rr[r3]=r2


Last Updated: 27 May 2016 10:46:24