CVE-2010-0730: Input Validation
First published: Fri Mar 12 2010(Updated: )
Paolo Bonzini found a bug in Xen hypervisor that can be used to crash the guest. Malicious guest userspace process can trick the hypervisor into emulating instruction that causes the crash if it has access to an MMIO region. The bug can be exploited because of an inconsistency between instruction decoding tables and the actual MMIO instruction decoder implementation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Linux Kernel | =2.6.18 | |
| All of | ||
| Any of | ||
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5-ga | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Linux Kernel | =2.6.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2010-0398.html
- http://secunia.com/advisories/39649
- http://www.securityfocus.com/bid/39979
- https://bugzilla.redhat.com/show_bug.cgi?id=572971
- http://www.openwall.com/lists/oss-security/2010/05/07/1
- http://support.avaya.com/css/P8/documents/100088287
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://secunia.com/advisories/43315
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- https://rhn.redhat.com/errata/RHSA-2010-0398.html
- http://people.redhat.com/jwilson/el5
Frequently Asked Questions
What is the severity of CVE-2010-0730?
CVE-2010-0730 is considered a medium to high severity vulnerability due to its potential to crash the guest operating system.
How do I fix CVE-2010-0730?
To fix CVE-2010-0730, it is recommended to update your Red Hat Enterprise Linux to the latest available patches addressing this vulnerability.
What systems are affected by CVE-2010-0730?
CVE-2010-0730 affects Red Hat Enterprise Linux version 5 and some of its variants including client and server versions.
What is the nature of the attack for CVE-2010-0730?
The CVE-2010-0730 vulnerability can be exploited by a malicious user in the guest environment to crash the hypervisor by invoking specific instructions.
Is there a workaround for CVE-2010-0730 if I cannot apply the patch?
There are no easy workarounds for CVE-2010-0730, so applying the security updates is the recommended approach.
- collector/nvd-historical
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0730
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/5-ga
- version/red hat enterprise linux/5.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.18