FKIE_CVE-2010-3699

Vulnerability from fkie_nvd - Published: 2010-12-08 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
secalert@redhat.comhttp://secunia.com/advisories/42372Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/42789
secalert@redhat.comhttp://secunia.com/advisories/43056
secalert@redhat.comhttp://secunia.com/advisories/46397
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0004.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/520102/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/45039
secalert@redhat.comhttp://www.securitytracker.com/id?1024786
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2011-0012.html
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0024
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0213
secalert@redhat.comhttp://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181bPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42372Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42789
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43056
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46397
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0004.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/520102/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45039
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024786
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0012.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0024
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0213
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181bPatch
Impacted products
Vendor Product Version
citrix xen 3.0.2
citrix xen 3.0.3
citrix xen 3.0.4
citrix xen 3.1.3
citrix xen 3.1.4
citrix xen 3.2.0
citrix xen 3.2.1
citrix xen 3.2.2
citrix xen 3.2.3
citrix xen 3.3.0
citrix xen 3.3.1
citrix xen 3.3.2
citrix xen 3.4.0
citrix xen 3.4.1
citrix xen 3.4.2
citrix xen 3.4.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97BF124-C4F1-452D-B5B4-0EBDB01E0DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C9A466D-2E51-4662-8E85-8F5FA7B94A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C42C6DE-F11E-454E-AA0A-7466E74A904A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAB978D-9364-4DB4-872B-CD52FA271F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "296411C1-F3EB-4D2E-9F95-3F6BA9FE4C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EAB8E4-99D5-4970-AAAD-1762F0A2CD02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7CB6DD9-1E32-4242-9DAB-082F03769723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E65CBEF-76BD-4FCC-8094-15B93E98515F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C258D5F5-970D-42E8-BE0F-AAC993AE2819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29D50CDE-9F80-4C2E-A1F4-530B6C2D8E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C9A065-28F1-4C60-86B6-DBB33ABEAE80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02C8B74D-535D-48FF-8982-BCC28CB7EF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0BD93F4-FF44-46BD-B9BA-0A13A210B238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50786C9D-CBE1-4CA7-A159-2DACEA9FC739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BA4D2F-47C9-4127-92B3-21F91C73FCC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xen:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "905310D3-4E25-4C03-9D9A-6658FC307632",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap."
    },
    {
      "lang": "es",
      "value": "El driver backend en Xen v3.x permite a usuarios del OS causar una denegaci\u00f3n de servicio a trav\u00e9s de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado OS sean apagados o se cree un dominio zombie, causando una ca\u00edda en zenwatch, o impida que comandos sin especificar xm trabajen de forma adecuada, relacionado con (1) netback, (2) blkback, o (3) blktap."
    }
  ],
  "id": "CVE-2010-3699",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-08T20:00:01.087",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42372"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42789"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/45039"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1024786"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0024"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0213"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.