CVE-2010-3699 — Citrix XEN vulnerability

CWE-3998 documents8 sources

Severity

2.7LOWNVD

EPSS

0.5%

top 33.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix XEN Vmware Esxi Vmware Workstation +1 more

Timeline

PublishedDec 8

Latest updateMay 14

Description

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 5.1 | Impact: 2.9

Affected Packages4 packages

▶NVDcitrix/xen16 versions+15

▶vmwarevmware/vsphere

▶vmwarevmware/vmware_esxi

▶vmwarevmware/vmware_workstation

Patches

Patch: xenbits.xensource.com ↗Patch: xenbits.xensource.com ↗

🔴Vulnerability Details

GHSA

GHSA-897j-59mc-qfvp: The backend driver in Xen 3↗2022-05-14

▶

Kernel

blkback: Fix CVE-2010-3699↗2010-11-24

▶

💥Exploits & PoCs

Exploit-DB

AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow (Metasploit)↗2010-11-11

▶

📋Vendor Advisories

VMware

VMware ESX third party updates for Service Console packages glibc and dhcp↗2011-10-12

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Red Hat

kernel: guest->host denial of service from invalid xenbus transitions↗2010-11-24

▶

💬Community

Bugzilla

CVE-2010-3699 kernel: guest->host denial of service from invalid xenbus transitions↗2010-09-22

▶