Denial of Service Vulnerability in Xen and Citrix XenServer Products
CVE-2012-3496

Currently unrated

Key Information:

Vendor: Citrix
Status: Xenserver; Xen
Vendor: CVE Published:; 23 November 2012

Summary

The XENMEM_populate_physmap function in specific versions of Xen and Citrix XenServer can be exploited by local paravirtualized operating system guest kernels. This exploitation occurs when the function does not utilize the expected paging mode, allowing unauthorized invocation of invalid flags, such as MEMF_populate_on_demand. This can lead to a denial of service condition, causing the host system to experience crashes triggered by the invalid flags, ultimately impacting system availability and stability.

References

http://secunia.com/advisories/55082

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/50530

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/51413

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 23, 2012
Vulnerability Reserved
Jun 14, 2012