CVE-2012-3432

Name of the Vulnerable Software and Affected Versions virt-manager (affected versions not specified) Xen versions 3.3 and 4.x

Description The issue is related to a potential denial of service, where exploitation can lead to a disruption in the availability of protected information. This can be achieved locally. Specifically, in Xen, the handle mmio function in arch/x86/hvm/io.c does not properly reset state information between emulation cycles when running an HVM guest. This allows local guest OS users to cause a denial of service, resulting in a guest OS crash, via unspecified operations on MMIO regions.

Recommendations For virt-manager, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Xen versions 3.3 and 4.x, consider restricting access to MMIO regions to minimize the risk of exploitation until a patch is available.