Input validation error in Xen

1) Input validation error

EUVDB-ID: #VU45408

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2010-4255

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 3.0.2 - 4.0.0

CPE2.3

• cpe:2.3:a:xen_project:xen:3.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:xen_project:xen:3.0.3:*:*:*:*:*:*:*
• cpe:2.3:a:xen_project:xen:3.0.4:*:*:*:*:*:*:*

External links

https://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html
https://openwall.com/lists/oss-security/2010/11/30/5
https://openwall.com/lists/oss-security/2010/11/30/8
https://secunia.com/advisories/42884
https://secunia.com/advisories/46397
https://www.redhat.com/support/errata/RHSA-2011-0017.html
https://www.securityfocus.com/archive/1/520102/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=658155

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.