CVSS2: 2.7 Low (AV:A/AC:L/Au:S/C:N/I:N/A:P)

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.001 Low (Percentile: 28.1%)

The backend driver in Xen 3.x allows guest OS users to cause a denial of
service via a kernel thread leak, which prevents the device and guest OS
from being shut down or creates a zombie domain, causes a hang in xenwatch,
or prevents unspecified xm commands from working properly, related to (1)
netback, (2) blkback, or (3) blktap.

Author | Note |
---|---|
kees | The vulnerability described by CVE-2010-3699 probably exists, but I’ve not been able to reproduce it. It likely requires more block and network devices than I have at my disposal. Checked out http://xenbits.xensource.com/linux-2.6.18-xen.hg and compared. Not all of the original upstream patch was appropriate since it caused a regression with udev. |