CVE-2010-2938

CVE Details

Release Date:2010-10-08
Impact:Moderate What is this?

Description


arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.

See more information about CVE-2010-2938 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v2 metrics

Base Score: 4.9
Vector String: AV:L/AC:L/Au:N/C:N/I:N/A:C
Version: 2.0
Attack Vector: Local
Attack Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

Errata information


PlatformErrataRelease Date
Oracle Linux version 5 (kernel)ELSA-2010-07232010-09-29
Oracle Linux version 5 (ocfs2-2.6.18-194.17.1.0.1.el5)ELSA-2010-07232010-09-29
Oracle Linux version 5 (oracleasm-2.6.18-194.17.1.0.1.el5)ELSA-2010-07232010-09-29


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete