Risk | High |
Patch available | NO |
Number of vulnerabilities | 11 |
CVE-ID | CVE-2013-0154 CVE-2012-6333 CVE-2012-5525 CVE-2012-6030 CVE-2012-6031 CVE-2012-6032 CVE-2012-6033 CVE-2012-6034 CVE-2012-6035 CVE-2012-6036 CVE-2012-4411 |
CWE-ID | CWE-20 CWE-399 CWE-264 CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Xen Server applications / Virtualization software |
Vendor | Xen Project |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
EUVDB-ID: #VU43208
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.2.0
External links:
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
https://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
https://osvdb.org/88913
https://seclists.org/oss-sec/2013/q1/att-17/xsa37-4_2.patch
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://www.openwall.com/lists/oss-security/2013/01/04/2
https://www.securityfocus.com/bid/57159
https://www.securitytracker.com/id?1027937
https://exchange.xforce.ibmcloud.com/vulnerabilities/80977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43248
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6333
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 3.4.0 - 4.2.0
External links:
https://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://secunia.com/advisories/51397
https://secunia.com/advisories/51486
https://secunia.com/advisories/51487
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://support.citrix.com/article/CTX135777
https://www.openwall.com/lists/oss-security/2012/12/03/10
https://www.osvdb.org/88129
https://www.securityfocus.com/bid/56796
https://exchange.xforce.ibmcloud.com/vulnerabilities/80484
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43249
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-5525
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.2.0
External links:
https://secunia.com/advisories/51397
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://www.openwall.com/lists/oss-security/2012/12/03/6
https://www.osvdb.org/88133
https://www.securityfocus.com/bid/56805
https://exchange.xforce.ibmcloud.com/vulnerabilities/80480
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43298
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2012-6030
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43299
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43300
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6032
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) via unspecified vectors.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43301
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6033
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43302
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6034
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43303
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2012-6035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43304
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6036
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows local guest OS users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
https://osvdb.org/85199
https://secunia.com/advisories/50472
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities
https://www.openwall.com/lists/oss-security/2012/09/05/8
https://www.securityfocus.com/bid/55410
https://www.securitytracker.com/id?1027482
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
https://exchange.xforce.ibmcloud.com/vulnerabilities/80326
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43305
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-4411
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description: The vulnerability allows a local authenticated user to gain access to sensitive information.
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Xen: 4.0.0 - 4.2.0
External links:
https://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
https://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
https://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
https://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html
https://secunia.com/advisories/50493
https://secunia.com/advisories/51324
https://secunia.com/advisories/51352
https://secunia.com/advisories/51413
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://www.debian.org/security/2012/dsa-2543
https://www.openwall.com/lists/oss-security/2012/09/06/2
https://www.openwall.com/lists/oss-security/2012/09/06/7
https://www.openwall.com/lists/oss-security/2012/09/07/5
https://www.securityfocus.com/bid/55442
https://security.gentoo.org/glsa/201604-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.