CVE-2007-5498
missing sanity check in xen block backend driver
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
The Xen hypervisor block backend driver (which sits between the hardware and the operating system) for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
The Linux 2.6 kernel has had various security vulnerabilities addressed. These range from bypass issues to denial of service and improper validation.
Timeline
- 2007-10-17 CVE Reserved
- 2008-05-08 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-399: Resource Management Errors
References (9)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/30116 | Third Party Advisory | |
http://secunia.com/advisories/32918 | Third Party Advisory | |
http://www.securityfocus.com/bid/29082 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42274 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9452 | Signature |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=369531 | 2008-05-07 |
http://www.redhat.com/support/errata/RHSA-2008-0233.html | 2017-09-29 | |
http://www.ubuntu.com/usn/usn-679-1 | 2017-09-29 | |
https://access.redhat.com/security/cve/CVE-2007-5498 | 2008-05-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | 2.6.18 | - | Affected |