Home > Vulnerability Database > CVE-2010-2938

Mend.io Vulnerability Database

CVE-2010-2938

Date: October 8, 2010

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.

Severity Score

6.2

Related Resources (11)

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-2938

Url: http://www.redhat.com/support/errata/RHSA-2010-0723.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=620490

Url: http://secunia.com/advisories/46397

Url: http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Url: http://xenbits.xensource.com/xen-unstable.hg?rev/15911

Url: http://www.securityfocus.com/archive/1/520102/100/0/threaded

Url: http://www.securityfocus.com/bid/43578

Url: http://support.avaya.com/css/P8/documents/100113326

Url: https://access.redhat.com/security/cve/CVE-2010-2938

Url: https://www.mend.io/vulnerability-database/CVE-2010-2938

Severity Score

6.2

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-2938

Date: October 8, 2010

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?