PT-2012-5466 · Xen+2

Published: 2012-11-21 · Updated: 2024-06-15 · CVE-2012-4535

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

Xen versions 3.4 through 4.2
Xen versions prior to 3.4

Description

The issue allows local guest OS administrators to cause a denial of service by setting a VCPU with an "inappropriate deadline", resulting in a Xen infinite loop and physical CPU consumption.

Recommendations

For Xen versions 3.4 through 4.2, consider restricting VCPU settings to prevent the denial of service. For Xen versions prior to 3.4, consider upgrading to a version where this issue is addressed, or apply configuration changes to limit the impact of the issue. As a temporary workaround, consider disabling VCPU settings until a patch is available.

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2012-4535
DSA-2582-1
OPENSUSE-SU-2012_1572-1
OPENSUSE-SU-2012_1573-1
OPENSUSE-SU-2024:10196-1
RHSA-2012:1540
RHSA-2012_1540
SUSE-SU-2014_0470-1

Affected Products

Red Hat
Suse
Xen