VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 25, 2011· Updated Apr 29, 2026

CVE-2010-4255

CVE-2010-4255

Description

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

Affected products

19
  • Citrix Systems/Xen19 versions
    cpe:2.3:a:citrix:xen:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:citrix:xen:*:*:*:*:*:*:*:*range: <=4.0.1
    • cpe:2.3:a:citrix:xen:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:3.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.