CVE-2010-2938
Description
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in the Linux kernel VMCS implementation on Intel CPUs without EPT allows local users to crash the host by triggering a VMCS dump from a fully virtualized Xen guest.
Vulnerability
The vulnerability resides in arch/x86/hvm/vmx/vmcs.c in the Linux kernel 2.6.18 as shipped with Red Hat Enterprise Linux 5. When running on Intel platforms that lack Extended Page Tables (EPT) support, the VMCS implementation accesses fields without verifying hardware support. This issue was introduced between kernel versions 2.6.18-92 and 2.6.18-128 [3]. Affected versions include RHEL 5.3 and newer [3].
Exploitation
An attacker with permissions to configure a fully virtualized Xen guest can trigger the bug by causing a VMCS dump, for example by booting a specially crafted image (e.g., gpxe.lkrn) that causes the guest to crash [3]. The crash of the fully virtualized guest then triggers the flawed VMCS dump code path, leading to a host crash. No special privileges beyond guest configuration are required [2].
Impact
Successful exploitation causes a denial of service: the host operating system crashes, affecting all virtual machines running on that host. The attacker does not gain code execution or privilege escalation; the impact is limited to host availability [2][3].
Mitigation
Red Hat released an update in RHSA-2010-0723 on 2010-09-07 [4]. The fix is included in kernel version 2.6.18-194.26.1.el5 or later. Users should apply the updated kernel package and reboot. VMware also addressed this CVE in VMSA-2011-0012 for ESX/ESXi [1]. No workaround is available other than applying the patch.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.6.18
References
- secunia.com/advisories/46397 (nvd)
- support.avaya.com/css/P8/documents/100113326 (nvd)
- www.redhat.com/support/errata/RHSA-2010-0723.html (nvd)
- www.securityfocus.com/archive/1/520102/100/0/threaded (nvd)
- www.securityfocus.com/bid/43578 (nvd)
- www.vmware.com/security/advisories/VMSA-2011-0012.html (nvd)
- xenbits.xensource.com/xen-unstable.hg (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)