PT-2012-4760 · Citrix+2 · Xenserver+2
Matthew Daley
Published: 2012-09-14 · Updated: 2017-07-01
·
CVE-2012-3495
CVSS v2.0: 6.1 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Xen versions 4.1.x
Citrix XenServer version 6.0.2 and earlier
Description
The issue allows guest OS users to cause a denial of service and possibly gain privileges via unspecified vectors. The physdev_get_free_pirq hypercall in arch/x86/physdev.c uses the return value of the get_free_pirq function as an array index without checking whether it indicates an error, leading to an invalid memory write and a host crash.
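The flaw class described above, as an added example that is not Xen's code: a simplified C model in which an allocator returns a negative errno on failure and the caller uses that value as an array index, shown next to the checked form. The names `domain_model`, `find_free_pirq`, `alloc_pirq_unchecked`, `alloc_pirq_checked`, `exhaust_then_request` and the table size are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

#define NR_PIRQS       4   /* constructed table size for this model */
#define PIRQ_FREE      0
#define PIRQ_ALLOCATED 1

struct domain_model { int pirq_state[NR_PIRQS]; };

/* Model allocator: index of a free slot, or a negative errno when none is left. */
int find_free_pirq(const struct domain_model *d)
{
    for (int i = 0; i < NR_PIRQS; i++)
        if (d->pirq_state[i] == PIRQ_FREE)
            return i;
    return -ENOSPC;
}

/* Flawed pattern: the return value is used as an index with no error check.
 * With a full table this writes pirq_state[-ENOSPC], outside the array.
 * Shown for comparison only; it is never called in this example. */
int alloc_pirq_unchecked(struct domain_model *d)
{
    int ret = find_free_pirq(d);
    d->pirq_state[ret] = PIRQ_ALLOCATED;
    return ret;
}

/* Hardened pattern: propagate the error and index only with a validated value. */
int alloc_pirq_checked(struct domain_model *d)
{
    int ret = find_free_pirq(d);
    if (ret < 0 || ret >= NR_PIRQS)
        return ret < 0 ? ret : -ERANGE;
    d->pirq_state[ret] = PIRQ_ALLOCATED;
    return ret;
}

/* Fill every slot, then return what one further request yields. */
int exhaust_then_request(struct domain_model *d)
{
    for (int i = 0; i < NR_PIRQS; i++)
        alloc_pirq_checked(d);
    return alloc_pirq_checked(d);
}

int main(void)
{
    struct domain_model d = {{0}};
    printf("request after exhaustion: %d\n", exhaust_then_request(&d));
    return 0;
}
```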
Recommendations
For Xen versions 4.1.x, update to a version that includes a fix for this issue.
For Citrix XenServer version 6.0.2 and earlier, update to a version that includes a fix for this issue.
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Xen
Xenserver