Permissions, Privileges, and Access Controls in Xen - CVE-2012-3432

 


Published: December 3, 2012 / Updated: July 28, 2020


Vulnerability identifier: #VU32756
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-3432
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software: Xen

Detailed vulnerability description

The vulnerability allows a local unauthenticated attacker to cause a denial of service.

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.


How to mitigate CVE-2012-3432

Install the update from the vendor's website.
