CVE-2010-4238
Published: 22 January 2011
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
From the Ubuntu Security Team
Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not handled correctly. A local attacker in a guest could make crafted blkback requests that would crash the host, leading to a denial of service.
Notes
Author | Note |
---|---|
smb | Upstream Xen is more lining up to Xen 4 and I suppose that should handle the CDROM part. So setting not affected. We are not using the kernel part of the xen package, so not-affected. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.6.24-29.92)
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Not vulnerable
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(no xen Dom0 kernel)
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xen-3.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needed
|