ID CVE-2010-4255
Summary The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xen:*:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xen:*:*:*:*:*:*:*:*
CVSS
Base: 6.1 (as of 10-10-2018 - 20:07)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:A/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
rhsa
id RHSA-2011:0017
rpms
  • kernel-0:2.6.18-238.el5
  • kernel-PAE-0:2.6.18-238.el5
  • kernel-PAE-devel-0:2.6.18-238.el5
  • kernel-debug-0:2.6.18-238.el5
  • kernel-debug-devel-0:2.6.18-238.el5
  • kernel-devel-0:2.6.18-238.el5
  • kernel-doc-0:2.6.18-238.el5
  • kernel-headers-0:2.6.18-238.el5
  • kernel-kdump-0:2.6.18-238.el5
  • kernel-kdump-devel-0:2.6.18-238.el5
  • kernel-xen-0:2.6.18-238.el5
  • kernel-xen-devel-0:2.6.18-238.el5
refmap via4
bugtraq 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
confirm
mlist
  • [oss-security] 20101130 CVE request: xen: x86-64: don't crash Xen upon direct pv guest access
  • [oss-security] 20101130 Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access
  • [xen-devel] 20101129 [PATCH] x86-64: don't crash Xen upon direct pv guest access
secunia
  • 42884
  • 46397
Last major update 10-10-2018 - 20:07
Published 25-01-2011 - 01:00
Back to Top