CVE-2010-2938
First published: Mon Aug 02 2010(Updated: )
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | =2.6.18 | |
| Red Hat Enterprise Linux | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=620490
- http://xenbits.xensource.com/xen-unstable.hg?rev/15911
- http://www.redhat.com/support/errata/RHSA-2010-0723.html
- http://support.avaya.com/css/P8/documents/100113326
- http://www.securityfocus.com/bid/43578
- http://secunia.com/advisories/46397
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=436076
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=436076&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=620490
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=628472
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=628474
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=628475
- https://rhn.redhat.com/errata/RHSA-2010-0723.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=450509&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=450509&action=edit
Frequently Asked Questions
What is the severity of CVE-2010-2938?
CVE-2010-2938 is classified as a moderate severity vulnerability.
How do I fix CVE-2010-2938?
To fix CVE-2010-2938, upgrade to a patched version of the Linux kernel that resolves this issue.
What systems are affected by CVE-2010-2938?
CVE-2010-2938 affects Linux Kernel version 2.6.18 and Red Hat Enterprise Linux 5 running on unsupported Intel platforms.
What type of vulnerability is CVE-2010-2938?
CVE-2010-2938 is a vulnerability related to improper verification of hardware support in the VMCS implementation.
Is CVE-2010-2938 exploitable?
Yes, CVE-2010-2938 can potentially be exploited if an attacker can execute code on the affected system.
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2010-2938
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.18
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5