What is CVE-2009-1242?

CVE-2009-1242 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.9 out of 10, classified as a Improper Input Validation flaw (CWE-20). CVE-2009-1242 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2009-1242?

CVE-2009-1242 has a CVSS score of 4.9 out of 10, rated Medium severity. The vector string is AV:L/AC:L/Au:N/C:N/I:N/A:C.

Is there a patch available for CVE-2009-1242?

No patch is currently available for CVE-2009-1242. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2009-1242 actively exploited?

CVE-2009-1242 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2009-1242

Medium

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.

Package Linux Kernel

Published 2009-04-06

Last modified 2026-04-23

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

4.9

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

User Interaction

Scope

Confidentiality

Low

Integrity

None

Availability

Vector string

AV:L/AC:L/Au:N/C:N/I:N/A:C

Weakness type

CWE-20

CVE-2009-1242 is a Improper Input Validation vulnerability

What is Improper Input Validation?

The product receives input but does not validate it correctly, allowing attackers to craft inputs that cause unexpected behavior. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2009-1242 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Lists
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

Mailing List Third Party Advisory
Lists
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html

Mailing List Third Party Advisory
Secunia
http://secunia.com/advisories/34478

Third Party Advisory
Secunia
http://secunia.com/advisories/34981

Third Party Advisory
Secunia
http://secunia.com/advisories/35120

Third Party Advisory
Secunia
http://secunia.com/advisories/35121

Third Party Advisory
Secunia
http://secunia.com/advisories/35226

Third Party Advisory
Secunia
http://secunia.com/advisories/35387

Third Party Advisory
Secunia
http://secunia.com/advisories/35394

Third Party Advisory
Secunia
http://secunia.com/advisories/35656

Third Party Advisory
Vigilance
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585

Third Party Advisory
Wiki
http://wiki.rpath.com/Advisories:rPSA-2009-0084

Broken Link
Debian Security
http://www.debian.org/security/2009/dsa-1787

Third Party Advisory
Debian Security
http://www.debian.org/security/2009/dsa-1800

Third Party Advisory
Globalsecuritymag
http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20090402%2C8311
Kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1

Broken Link
Kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git1.log

Broken Link
Securityfocus
http://www.securityfocus.com/archive/1/503610/100/0/threaded

Third Party Advisory VDB Entry
Securityfocus
http://www.securityfocus.com/bid/34331

Third Party Advisory VDB Entry
Ubuntu Security
http://www.ubuntu.com/usn/usn-793-1

Third Party Advisory
Vupen
http://www.vupen.com/english/advisories/2009/0924

Broken Link
Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/49594

Third Party Advisory VDB Entry
Red Hat
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html

Third Party Advisory
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16175a796d061833aacfbd9672235f2d2725df65
Patch
Kernel patch commit
http://openwall.com/lists/oss-security/2009/04/01/3
Patch
Kernel patch commit
http://patchwork.kernel.org/patch/15549/
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2009-1242

Severity Medium

CVSS score 4.9 / 10

CVSS version 2.0

Published 2009-04-06

Modified 2026-04-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2009-1242?

CVE-2009-1242 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.9 out of 10 , classified as an Improper Input Validation flaw (CWE-20) . CVE-2009-1242 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2009-1242?

CVE-2009-1242 has a CVSS score of 4.9 out of 10, rated Medium severity (CVSS 2.0). The vector string is AV:L/AC:L/Au:N/C:N/I:N/A:C.
Is there a patch available for CVE-2009-1242?

No patch is currently available for CVE-2009-1242. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2009-1242 actively exploited?

No — CVE-2009-1242 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Improper Input Validation (CWE-20)?

The product receives input but does not validate it correctly, allowing attackers to craft inputs that cause unexpected behavior. View CWE-20 on MITRE CWE →