CVE-2010-4255 — XEN vulnerability

7 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 25.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Citrix XEN +3 more

Timeline

PublishedJan 25

Latest updateMay 14

Description

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages6 packages

▶debiandebian/xen< xen 4.0.1-2 (bookworm)

▶Debianxen/xen< 4.0.1-2+3

▶NVDcitrix/xen4.0.1+18

▶vmwarevmware/vsphere

▶vmwarevmware/vmware_esxi

Patches

Patch: lists.xensource.com ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-3x4p-cw57-cgf8: The fixup_page_fault function in arch/x86/traps↗2022-05-14

▶

OSV

CVE-2010-4255: The fixup_page_fault function in arch/x86/traps↗2011-01-25

▶

📋Vendor Advisories

VMware

VMware ESX third party updates for Service Console packages glibc and dhcp↗2011-10-12

▶

Red Hat

xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area↗2010-11-29

▶

Debian

CVE-2010-4255: xen - The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64...↗2010

▶

💬Community

Bugzilla

CVE-2010-4255 xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area↗2010-11-29

▶