Permissions, Privileges, and Access Controls in Xen - CVE-2012-3432

 


Published: December 3, 2012 / Updated: July 28, 2020


Vulnerability identifier: #VU32756
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-3432
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Xen
Software vendor: Xen Project

Description

The vulnerability allows a local non-authenticated attacker to cause a denial of service.

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.


Remediation

Install the update from the vendor's website.
