PT-2011-1488 · Xen+1

Paolo Bonzini · Published 2011-01-13 · Updated 2018-10-10 · CVE-2010-4255

CVSS v2.0: 6.1 (Medium)

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Xen versions 4.0.1 and earlier

Description

The issue arises in the fixup_page_fault function in arch/x86/traps.c when paravirtualization is enabled on 64-bit platforms. The function fails to verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function. This allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

Recommendations

For Xen versions 4.0.1 and earlier, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to paravirtualization features to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2010-4255
RHSA-2011:0017
RHSA-2011_0017

Affected Products

Red Hat
Xen