PT-2012-4763 · Citrix+1 · Xenserver+2

Matthew Daley

Publicado

2012-09-14

Atualizado

2017-08-29

CVE-2012-3498

CVSS v2.0

5.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions Xen versions 4.1 through 4.2 Citrix XenServer version 6.0.2 and earlier

Description The issue allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. This is due to a missing range check of map->index in the PHYSDEVOP map pirq function.

Recommendations For Xen versions 4.1 through 4.2, consider applying a patch that includes a range check for map->index in the PHYSDEVOP map pirq function to prevent the denial of service and potential memory read. For Citrix XenServer version 6.0.2 and earlier, update to a version that includes the fix for the PHYSDEVOP map pirq function.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2012-3498

OPENSUSE-SU-2012_1172-1

OPENSUSE-SU-2012_1572-1

OPENSUSE-SU-2012_1573-1

Produtos afetados

Suse

Xen

Xenserver

PT-2012-4763 · Citrix+1 · Xenserver+2

CVE-2012-3498

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 72