CVE-2010-4255
Published 2011-01-25
Priority P419 · medium · 6.1 · CVSS 2.0
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C
EPSS: 0.76% (50.7th percentile)
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | xen | <= 4.0.1 | — |
| citrix | xen | — | — |
| debian | xen | < xen 4.0.1-2 (bookworm) | xen 4.0.1-2 (bookworm) |
| vmware | vmware_esxi | — | — |
| vmware | vmware_workstation | — | — |
| vmware | vsphere | — | — |
| xen | xen | >= 0 < 4.0.1-2 | 4.0.1-2 |
CVSS provenance
nvd · v2.0 · 6.1 MEDIUM · AV:A/AC:L/Au:N/C:N/I:N/A:C
osv · 6.1 MEDIUM
vendor_debian · 6.1 MEDIUM
vendor_redhat · 6.1 MEDIUM
VMware
VMware ESX third party updates for Service Console packages glibc and dhcp
vendor_vmware · 2011-10-12 · CVSS 4.7
CVE-2010-0296 [MEDIUM] VMware ESX third party updates for Service Console packages glibc and dhcp
VMSA-2011-0012: VMware ESX third party updates for Service Console packages glibc and dhcp
a. ESX third party update for Service Console kernel
This update takes the console OS kernel package to kernel-2.6.18-238.9.1, which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CV
Red Hat
xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
vendor_redhat · 2010-11-29 · CVSS 6.1
CVE-2010-4255 [MEDIUM] xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
Debian
CVE-2010-4255: xen - The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64...
vendor_debian · 2010 · CVSS 6.1
CVE-2010-4255 [MEDIUM] CVE-2010-4255: xen - The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64...
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
Scope: local
bookworm: resolved (fixed in 4.0.1-2)
bullseye: resolved (fixed in 4.0.1-2)
forky: resolved (fixed in 4.0.1-2)
sid: resolved (fixed in 4.0.1-2)
trixie: resolved (fixed in 4.0.1-2)
GHSA
GHSA-3x4p-cw57-cgf8: The fixup_page_fault function in arch/x86/traps
ghsa_unreviewed · 2022-05-14
CVE-2010-4255 [MEDIUM] GHSA-3x4p-cw57-cgf8: The fixup_page_fault function in arch/x86/traps
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
OSV
CVE-2010-4255: The fixup_page_fault function in arch/x86/traps
osv · 2011-01-25 · CVSS 6.1
CVE-2010-4255 [MEDIUM] CVE-2010-4255: The fixup_page_fault function in arch/x86/traps
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
No detection rules found.
No public exploits indexed.
http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html
http://openwall.com/lists/oss-security/2010/11/30/5
http://openwall.com/lists/oss-security/2010/11/30/8
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=658155