CWE: 20

CVE-2010-4247: Input Validation

First published: Tue Nov 23 2010

If the frontend passes a bad index of production request, the backend will enter an endless loop and cause excessive CPU consumption.

This issue has been fixed upstream by:

changeset: 391:77f831cbb91d
user: Keir Fraser <keir.fraser>
date: Fri Jan 18 16:52:25 2008 +0000
summary: blkback: Request-processing loop is unbounded and hence requires a
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d

changeset: 392:7070d34f251c
user: Keir Fraser <keir.fraser>
date: Mon Jan 21 11:43:31 2008 +0000
summary: blkback/blktap: Check for kthread_should_stop() in inner loop,
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c

Version-Release number of selected component (if applicable): 2.6.18-194.el5xen

How reproducible:

Steps to Reproduce:
1. Build a guest kernel with the patch attached.
2. Run domU with the patched kernel.

Actual results: Dom0 got hung.

Expected results: Dom0 shouldn't be impacted by a bad guest.
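The failure mode described above, as an added example (not code from the advisory, the bug report or the Xen tree): a simplified user-space model of a backend consuming a ring whose producer index is written by the frontend. The struct, the function names and RING_SIZE are hypothetical; the stop flag models the in-loop kthread_should_stop() test named in changeset 392, and the range check is a hardening assumed here, not a statement of what the upstream changesets contain.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 32u            /* constructed slot count, power of two */

/* Simplified model (hypothetical names): req_prod lives in memory shared
 * with the untrusted frontend; req_cons is private to the backend. */
struct ring {
    uint32_t req_prod;           /* free-running index, frontend-written */
    uint32_t req_cons;           /* free-running index, backend-owned */
    uint32_t slot[RING_SIZE];    /* request payloads */
};

/* Iterations a `while (cons != prod)` loop would run: unsigned
 * wraparound turns a producer index behind the consumer into ~2^32. */
uint32_t unchecked_iterations(const struct ring *r)
{
    return r->req_prod - r->req_cons;
}

/* Hardened consumer. Returns requests handled, or -1 if the frontend
 * advertised more requests than the ring can hold. *stop models the
 * kthread_should_stop() test inside the loop. */
int consume_bounded(struct ring *r, const volatile int *stop, uint32_t *sum)
{
    uint32_t prod = r->req_prod;         /* snapshot once, never re-read */
    uint32_t cons = r->req_cons;
    int handled = 0;

    if (prod - cons > RING_SIZE)         /* index out of range: reject */
        return -1;
    while (cons != prod && !*stop) {
        *sum += r->slot[cons % RING_SIZE];   /* stand-in for real work */
        cons++;
        handled++;
    }
    r->req_cons = cons;
    return handled;
}

int main(void)
{
    struct ring bad = { .req_prod = 4, .req_cons = 5 };  /* constructed input */
    volatile int stop = 0;
    uint32_t sum = 0;
    printf("unchecked: %u iterations\n", (unsigned)unchecked_iterations(&bad));
    printf("bounded:   %d\n", consume_bounded(&bad, &stop, &sum));
    return 0;
}
```

In kernel code the snapshot of the shared index also needs a read barrier before the slots are accessed; the single-threaded model omits it.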

Credit: secalert@redhat.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Xen | <=3.3.2 | |
| Citrix Xen | =3.0.2 | |
| Citrix Xen | =3.0.3 | |
| Citrix Xen | =3.0.4 | |
| Citrix Xen | =3.1.3 | |
| Citrix Xen | =3.1.4 | |
| Citrix Xen | =3.2.0 | |
| Citrix Xen | =3.2.1 | |
| Citrix Xen | =3.2.2 | |
| Citrix Xen | =3.2.3 | |
| Citrix Xen | =3.3.0 | |
| Citrix Xen | =3.3.1 | |
| Linux Linux kernel | =2.6.18 | |
| debian/linux-2.6 | | |
