Denial of Service Vulnerability in Xen 3.1.2 Affecting Red Hat Enterprise Linux
CVE-2010-4238

Currently unrated

Key Information:

Vendor: Citrix
Status: Xen
Vendor: CVE Published:; 22 January 2011

Summary

The vbd_create function in Xen 3.1.2 creates a significant risk when paired with the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5. This vulnerability allows malicious users running guest operating systems to exploit access to a virtual CD-ROM device through the blkback driver, potentially leading to a denial of service condition that results in the host OS becoming unresponsive and ultimately crashing. This can severely impact system stability and availability, making it crucial for organizations to apply timely patches and updates.

References

http://bugs.centos.org/bug_view_advanced_page.php?bug_id=...

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=655623

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/520102/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jan 22, 2011
Vulnerability Reserved
Nov 16, 2010