PT-2012-4761 · Xen+2

Petr Matousek · Published 2012-09-14 · Updated 2017-08-29 · CVE-2012-3496

CVSS v2.0: 4.7 (Medium)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Xen versions 4.0 through 4.2
Citrix XenServer version 6.0.2 and earlier

Description

The issue allows local PV OS guest kernels to cause a denial of service, resulting in a host crash, by triggering a BUG when invalid flags such as MEMF_populate_on_demand are used. This occurs when translating paging mode is not used.

Recommendations

For Xen versions 4.0 through 4.2, consider updating to a version where this issue is resolved to prevent local PV OS guest kernels from causing a denial of service.

For Citrix XenServer version 6.0.2 and earlier, consider updating to a version where this issue is resolved to prevent local PV OS guest kernels from causing a denial of service.

As a temporary workaround, consider restricting the use of invalid flags such as MEMF_populate_on_demand in the XENMEM_populate_physmap function until a patch is available.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2012-3496
DSA-2544-1
OPENSUSE-SU-2012_1172-1
OPENSUSE-SU-2012_1174-1
OPENSUSE-SU-2012_1572-1
OPENSUSE-SU-2012_1573-1

Affected Products

Citrix XenServer
Suse
Xen