Skip to main content

Xenserver CVE-2012-3495

MEDIUM
Improper Input Validation (CWE-20)
2012-11-23 secalert@redhat.com
6.1
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:P/A:C
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
C

Lifecycle Timeline

1
CVE Published
Nov 23, 2012 - 20:55 cve.org
MEDIUM 6.1

DescriptionCVE.org

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

AnalysisAI

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. Affected products include: Citrix Xenserver, Xen.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2015-7705 CRITICAL
9.8 Aug 07

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified

CVE-2018-8897 HIGH POC
7.8 May 08

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa

CVE-2015-7704 HIGH
7.5 Aug 07

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service v

CVE-2014-4947 CRITICAL
10.0 Jul 22

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified i

CVE-2016-5302 CRITICAL
9.8 Jun 13

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow re

CVE-2018-14007 CRITICAL
9.8 Aug 15

Citrix XenServer 7.1 and newer allows Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2017-12134 HIGH
8.8 Aug 24

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt bloc

CVE-2016-9383 HIGH
8.8 Jan 23

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently ob

CVE-2016-6258 HIGH
8.8 Aug 02

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain h

CVE-2016-3710 HIGH
8.8 May 11

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS

CVE-2017-12135 HIGH
8.8 Aug 24

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain pr

Share

CVE-2012-3495 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy