Vulnerability Name:

CVE-2010-4255 (CCN-63502)

Assigned:2010-11-29
Published:2010-11-29
Updated:2018-10-10
Summary:The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:6.1 Medium (CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C)
4.9 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
6.1 Medium (REDHAT CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C)
4.9 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2010-4255

Source: CCN
Type: XenSource Web Site
x86-64: don't crash Xen upon direct pv guest access

Source: MLIST
Type: Patch
[xen-devel] 20101129 [PATCH] x86-64: don't crash Xen upon direct pv guest access

Source: MLIST
Type: Patch
[oss-security] 20101130 CVE request: xen: x86-64: don't crash Xen upon direct pv guest access

Source: MLIST
Type: Patch
[oss-security] 20101130 Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access

Source: CCN
Type: RHSA-2011-0017
Important: Red Hat Enterprise Linux 5.6 kernel security and bug fix update

Source: CCN
Type: SA42395
Xen GDT/LDT Access Denial of Service Vulnerability

Source: CCN
Type: SA42422
Xen GDT/LDT Access Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
42884

Source: CCN
Type: SA46397
VMware ESX / ESXi Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
46397

Source: CCN
Type: OSVDB ID: 69613
Xen xen/arch/x86/traps.c fixup_page_fault() Function Local DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0017

Source: BUGTRAQ
Type: UNKNOWN
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console

Source: CCN
Type: BID-45099
Xen 'fixup_page_fault()' Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=658155

Source: XF
Type: UNKNOWN
xen-fixuppagefault-dos(63502)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:citrix:xen:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:*:*:*:*:*:*:*:* (Version <= 4.0.1)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:xensource:xen:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xen:4.0.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20104255 | V | CVE-2010-4255 | 2017-09-27
oval:org.mitre.oval:def:22989 | P | ELSA-2011:0017: Oracle Linux 5.x.6 kernel security and bug fix update (Important) | 2014-05-26
oval:org.mitre.oval:def:21526 | P | RHSA-2011:0017: Red Hat Enterprise Linux 5.6 kernel security and bug fix update (Important) | 2014-02-24
oval:org.mitre.oval:def:20247 | V | VMware ESX third party updates for Service Console packages glibc and dhcp | 2014-01-20
oval:com.ubuntu.precise:def:20104255000 | V | CVE-2010-4255 on Ubuntu 12.04 LTS (precise) - low. | 2011-01-24
oval:com.redhat.rhsa:def:20110017 | P | RHSA-2011:0017: Red Hat Enterprise Linux 5.6 kernel security and bug fix update (Important) | 2011-01-13