CWE: 264, 476

CVE-2010-4238: Null Pointer Dereference

First published: Mon Nov 22 2010

Description of problem:
Dom0 crashes when installing GPLPV drivers on Windows 2008 R2 guest.

Xen version: 3.1.2-194.11.3.el5
Dom0 kernel: 2.6.18-194.11.3.el5xen
GPLPV: gplpv_Vista2008x64_0.11.0.213.msi and older

Redirected to serial console output:

Unable to handle kernel NULL pointer dereference at 0000000000000108 RIP:
 [<ffffffff8883f03f>] :blkbk:update_blkif_status+0x21f/0x2ae
PGD 0
Oops: 0000 [1] SMP
last sysfs file: /class/net/lo/ifindex
CPU 2
Modules linked in: tun xfs ocfs2(U) ipt_MASQUERADE netloop iptable_nat ip_nat netbk blktap blkbk mptctl mptbase ipmi_watchdog ipmi_si(U) ipmi_devintf(U) ipmi_msghandler(U) autofs4 hidp l2cap bluetooth ocfs2_dlmfs(U) ocfs2_dlm(U) ocfs2_nodemanager(U) configfs lockd sunrpc bonding ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_physdev bridge iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables ipv6 xfrm_nalgo crypto_api be2iscsi ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i(U) cnic(U) cxgb3i cxgb3 libiscsi_tcp libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi loop dm_round_robin dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec i2c_core dell_wmi wmi button battery asus_acpi ac parport_pc lp parport sr_mod cdrom sg serio_raw pcspkr hpilo serial_core bnx2x(U) 8021q dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod usb_storage shpchp cciss(U) sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 69, comm: xenwatch Tainted: G 2.6.18-194.11.3.el5xen 0000001
RIP: e030:[<ffffffff8883f03f>] [<ffffffff8883f03f>] :blkbk:update_blkif_status+0x21f/0x2ae
RSP: e02b:ffff88003e413df0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88003db2f620 RCX: 0000000000000003
RDX: ffffffffff578000 RSI: fffffffffffffffb RDI: 0000000000000000
RBP: ffff880031227b70 R08: 00000000ffffffff R09: 0000000000000020
R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8800087edb40
R13: 0000000000000000 R14: ffff880000e0bcf0 R15: ffffffff8029c1ef
FS: 00002b79280d26e0(0000) GS:ffffffff805d2100(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000
Process xenwatch (pid: 69, threadinfo ffff88003e412000, task ffff88003e3ea080)
Stack: 2e6b6361626b6c62 0000006364682e33 ffff880000000025 ffff8800087edb40
 ffff880034383c00 ffff8800087edb40 ffff880034383c00 ffffffff8883f2eb
 6669636570736e75 737361202c646569
Call Trace:
 [<ffffffff8883f2eb>] :blkbk:frontend_changed+0x21d/0x226
 [<ffffffff803b9c78>] xenwatch_thread+0x0/0x135
 [<ffffffff803b90ca>] xenwatch_handle_callback+0x15/0x48
 [<ffffffff803b9d94>] xenwatch_thread+0x11c/0x135
 [<ffffffff8029c407>] autoremove_wake_function+0x0/0x2e
 [<ffffffff8029c1ef>] keventd_create_kthread+0x0/0xc4
 [<ffffffff80233be4>] kthread+0xfe/0x132
 [<ffffffff80260b2c>] child_rip+0xa/0x12
 [<ffffffff8029c1ef>] keventd_create_kthread+0x0/0xc4
 [<ffffffff80233ae6>] kthread+0x0/0x132
 [<ffffffff80260b22>] child_rip+0x0/0x12

Code: 48 8b b8 08 01 00 00 e8 b3 f6 a7 f7 85 c0 89 c6 74 0d 48 8b
RIP [<ffffffff8883f03f>] :blkbk:update_blkif_status+0x21f/0x2ae
 RSP <ffff88003e413df0>
CR2: 0000000000000108
<0>Kernel panic - not syncing: Fatal exception
(XEN) Domain 0 crashed: rebooting machine in 5 seconds.

http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517

Acknowledgements: Red Hat would like to thank Vladymyr Denysov for reporting this issue.

Credit: secalert@redhat.com

Affected Software | Affected Version | How to fix
Citrix Xen | =3.1.2 |
Linux Linux kernel | =2.6.18 |
Redhat Enterprise Linux | =5 |
debian/linux-2.6 | |

All of
  Citrix Xen =3.1.2
  Any of
    Linux Linux kernel =2.6.18
    Redhat Enterprise Linux =5
