CVE-2010-4238: Citrix XEN vulnerability

CWE-264 | 7 documents | 6 sources
Severity
5.5 MEDIUM (NVD)
EPSS
0.4%
top 39.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 22
Latest update: May 14

Description

The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:A/AC:L/C:N/I:N/A:C | Exploitability: 5.1 | Impact: 6.9

Affected Packages: 4 packages

🔴 Vulnerability Details (1)

GHSA
GHSA-q68m-xchw-w886: The vbd_create function in Xen 3 (2022-05-14)

📋 Vendor Advisories (3)

VMware
VMware ESX third party updates for Service Console packages glibc and dhcp (2011-10-12)
Ubuntu
Linux kernel vulnerabilities (2011-08-09)
Red Hat
kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV (2010-09-20)

💬 Community (2)

Bugzilla
CVE-2010-4238 kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV (2010-11-22)
Bugzilla
CVE-2010-2117 Firefox: DoS (resource consumption) via JavaScript source with loop of invalid (1) news:// or (2) nntp:// URIs (2010-06-02)