| Vulnerability Name: | CVE-2010-4247 (CCN-63527) | ||||||||||||||||||||||||
| Assigned: | 2008-01-18 | ||||||||||||||||||||||||
| Published: | 2008-01-18 | ||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||
| Summary: | The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. Note: some of these details are obtained from third party information. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 5.5 Medium (CVSS v2 Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C) 4.1 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
4.1 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2010-4247 Source: CCN Type: RHSA-2011-0004 Important: kernel security, bug fix, and enhancement update Source: CCN Type: SA35093 Xen "hypervisor_callback()" Denial of Service Source: CCN Type: SA46397 VMware ESX / ESXi Server Multiple Vulnerabilities Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: CCN Type: OSVDB ID: 70380 Linux Kernel Xen x do_block_io_op Function Production Request Index DoS Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-45029 Xen 'drivers/xen/blkback/blkback.c' Local Denial Of Service Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: XenSource Web Site Xen Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: XF Type: UNKNOWN xen-blkback-dos(63527) | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||