DEBIAN-CVE-2010-2938

DEBIAN-CVE-2010-2938 PUBLISHED CVSS 6.900000095367432 MEDIUM

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:11	xen	0, 0, 0
Debian:12	xen	0, 0, 0

Timeline

Oct 8, 2010 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2010-2938 advisory

Open in Interactive Console →