Hypercall Vulnerability in Xen Virtualization Platform Impacting Various Versions
CVE-2012-3495

Currently unrated

Key Information:

Vendor: Xen Project
Status: Xen; Xenserver
Vendor: CVE Published:; 23 November 2012

What is CVE-2012-3495?

The physdev_get_free_pirq hypercall in Xen 4.1.x and Citrix XenServer versions earlier than 6.0.3 has a flaw where the return value from the get_free_pirq function is used as an array index without the appropriate error checks. This oversight could enable a malicious guest operating system user to cause a denial of service by writing to invalid memory locations, potentially leading to a host crash. In certain circumstances, this vulnerability might also allow attackers to escalate their privileges through various unspecified vectors, posing a significant risk to system security.

References

http://secunia.com/advisories/55082

third-party-advisoryx_refsource_SECUNIA

http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca...

x_refsource_CONFIRM

http://lists.xen.org/archives/html/xen-announce/2012-09/m...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 23, 2012
Vulnerability Reserved
Jun 14, 2012

Xen Project

What is CVE-2012-3495?

References

Timeline