Denial of Service in Xen 3.x Backend Driver by Xen Project
CVE-2010-3699

Currently unrated

Key Information:

Vendor: Citrix
Status: Xen
Vendor: CVE Published:; 8 December 2010

Summary

A vulnerability in the backend driver of Xen 3.x allows unauthorized users within guest operating systems to exploit a kernel thread leak. This exploit can result in a denial of service, manifesting as the inability to properly shut down the device and guest OS, leading to the creation of zombie domains or causing hangs in monitoring tools such as zenwatch. Additionally, it compromises the proper execution of certain xm commands, specifically relating to netback, blkback, and blktap.

References

http://secunia.com/advisories/42789

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/43056

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2011/0024

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 8, 2010
Vulnerability Reserved
Oct 1, 2010