CVE-2010-4247

EPSS 0.62%
Published 11.01.2011 03:00:04
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers.  NOTE: some of these details are obtained from third party information.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Xen Version <= 3.3.2

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.0.2

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.0.3

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.0.4

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.1.3

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.1.4

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.2.0

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.2.1

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.2.2

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.2.3

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.3.0

Linux ≫ Linux Kernel Version2.6.18

Citrix ≫ Xen Version3.3.1

Linux ≫ Linux Kernel Version2.6.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.62%	0.676

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	5.1	6.9	AV:A/AC:L/Au:S/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/35093

Vendor Advisory

http://secunia.com/advisories/46397

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://secunia.com/advisories/42789

http://www.redhat.com/support/errata/RHSA-2011-0004.html

http://www.vupen.com/english/advisories/2011/0024

http://www.openwall.com/lists/oss-security/2010/11/23/1

Patch

http://www.openwall.com/lists/oss-security/2010/11/24/8

Patch