CVE-2010-3699low
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
References
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
http://secunia.com/advisories/42372
http://secunia.com/advisories/42789
http://secunia.com/advisories/43056
http://secunia.com/advisories/46397
http://www.redhat.com/support/errata/RHSA-2011-0004.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45039
http://www.securitytracker.com/id?1024786
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2011/0024
http://www.vupen.com/english/advisories/2011/0213
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89680 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) | Nessus | Misc. | high |
| 75554 | openSUSE Security Update : kernel (openSUSE-SU-2011:0399-1) | Nessus | SuSE Local Security Checks | high |
| 68176 | Oracle Linux 5 : kernel (ELSA-2011-0004) | Nessus | Oracle Linux Local Security Checks | high |
| 60929 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 59154 | SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7304) | Nessus | SuSE Local Security Checks | medium |
| 56508 | VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
| 53740 | openSUSE Security Update : kernel (openSUSE-SU-2011:0346-1) | Nessus | SuSE Local Security Checks | high |
| 52597 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043) | Nessus | SuSE Local Security Checks | high |
| 52475 | Ubuntu 8.04 LTS : linux vulnerabilities (USN-1072-1) | Nessus | Ubuntu Local Security Checks | high |
| 51818 | Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leak | Nessus | Debian Local Security Checks | high |
| 51752 | SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7303) | Nessus | SuSE Local Security Checks | medium |
| 51426 | CentOS 5 : kernel (CESA-2011:0004) | Nessus | CentOS Local Security Checks | high |
| 51417 | RHEL 5 : kernel (RHSA-2011:0004) | Nessus | Red Hat Local Security Checks | high |