{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2010:0723", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "43578", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43578"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xensource.com/xen-unstable.hg?rev/15911"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620490"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:45.503Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2010:0723", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "43578", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43578"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xensource.com/xen-unstable.hg?rev/15911"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620490"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2938", "datePublished": "2010-10-08T20:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:55:45.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest."}, {"lang": "es", "value": "El fichero arch/x86/hvm/vmx/vmcs.c en la implementaci\u00f3n de la estructura de control de m\u00e1quina virtual (VMCS) en el kernel de Linux v2.6.18 de Linux en Red Hat Enterprise Linux (RHEL) 5, cuando se usa una plataforma de Intel sin la funcionalidad de Tabla de p\u00e1ginas extendida(EPT), tiene acceso a los campos VMCS sin verificar el soporte de hardware para estos campos, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (caida del sistema operativo) pidiendo un dump de VMCS para un hu\u00e9sped Xen totalmente virtualizado."}], "id": "CVE-2010-2938", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-08T21:00:02.190", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46397"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/43578"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "secalert@redhat.com", "url": "http://xenbits.xensource.com/xen-unstable.hg?rev/15911"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xensource.com/xen-unstable.hg?rev/15911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620490"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0723", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-194.17.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-09-29T00:00:00Z"}], "bugzilla": {"description": "kernel: guest crashes on non-EPT machines may crash the host as well", "id": "620490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620490"}, "csaw": false, "cvss": {"cvss_base_score": "5.5", "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "status": "verified"}, "details": ["arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest."], "name": "CVE-2010-2938", "public_date": "2010-09-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2938\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2938"], "threat_severity": "Moderate"}