Vulnerability Description
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Xen | 3.1.2 |
| Linux | Linux Kernel | 2.6.18 |
| Redhat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517Exploit
- http://secunia.com/advisories/42884
- http://secunia.com/advisories/46397
- http://www.redhat.com/support/errata/RHSA-2011-0017.html
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://www.securityfocus.com/bid/45795
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=655623Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64698
- http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517Exploit
- http://secunia.com/advisories/42884
- http://secunia.com/advisories/46397
- http://www.redhat.com/support/errata/RHSA-2011-0017.html
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://www.securityfocus.com/bid/45795
FAQ
What is CVE-2010-4238?
CVE-2010-4238 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted acc...
How severe is CVE-2010-4238?
CVE-2010-4238 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4238?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xen, Linux Linux Kernel, Redhat Enterprise Linux.