PT-2012-4763 · Citrix+1 · Xenserver+2

Matthew Daley

Published

2012-09-14

Updated

2017-08-29

CVE-2012-3498

CVSS v2.0

5.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions Xen versions 4.1 through 4.2 Citrix XenServer version 6.0.2 and earlier

Description The issue allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. This is due to a missing range check of map->index in the PHYSDEVOP map pirq function.

Recommendations For Xen versions 4.1 through 4.2, consider applying a patch that includes a range check for map->index in the PHYSDEVOP map pirq function to prevent the denial of service and potential memory read. For Citrix XenServer version 6.0.2 and earlier, update to a version that includes the fix for the PHYSDEVOP map pirq function.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-3498

OPENSUSE-SU-2012_1172-1

OPENSUSE-SU-2012_1572-1

OPENSUSE-SU-2012_1573-1

Affected Products

Suse

Xen

Xenserver

PT-2012-4763 · Citrix+1 · Xenserver+2

CVE-2012-3498

Weakness Enumeration

Related Identifiers

Affected Products

References · 72