CVE-2010-4247

Citrix Xen < 3.3.2 - Denial of Service via Large Production Request Index

Title source: llm
STIX 2.1

Description

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.

References (13)

Core 13
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42789
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0024
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45029
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46397
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35093
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/11/23/1
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/11/24/8

Scores

EPSS 0.0062
EPSS Percentile 70.1%

Details

CWE
CWE-20
Status published
Products (12)
citrix/xen 3.0.2
citrix/xen 3.0.3
citrix/xen 3.0.4
citrix/xen 3.1.3
citrix/xen 3.1.4
citrix/xen 3.2.0
citrix/xen 3.2.1
citrix/xen 3.2.2
citrix/xen 3.2.3
citrix/xen 3.3.0
... and 2 more
Published Jan 11, 2011
Tracked Since Feb 18, 2026