CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
linuxlinux_kernel
2.6.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen-3.1
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
hardy
ignored
dapper
dne
xen-3.2
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
hardy
not-affected
dapper
dne
xen-3.3
oneiric
dne
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/46397
http://support.avaya.com/css/P8/documents/100113326
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/43578
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://xenbits.xensource.com/xen-unstable.hg?rev/15911
https://bugzilla.redhat.com/show_bug.cgi?id=620490
http://secunia.com/advisories/46397
http://support.avaya.com/css/P8/documents/100113326
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/43578
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://xenbits.xensource.com/xen-unstable.hg?rev/15911
https://bugzilla.redhat.com/show_bug.cgi?id=620490