CVE-2010-2938

Sažetak

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.

Reference

http://secunia.com/advisories/46397
http://support.avaya.com/css/P8/documents/100113326
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/43578
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://xenbits.xensource.com/xen-unstable.hg?rev/15911
https://bugzilla.redhat.com/show_bug.cgi?id=620490

CVSS

Base:	4.9
Impact:	6.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

10-10-2018 - 20:00

Objavljeno

08-10-2010 - 21:00