Denial of Service Vulnerability in Xen and Citrix XenServer Products
CVE-2012-3496

Currently unrated

Key Information:

Vendor
Citrix
Vendor
CVE Published:
23 November 2012

Summary

The XENMEM_populate_physmap function in specific versions of Xen and Citrix XenServer can be exploited by local paravirtualized operating system guest kernels. This exploitation occurs when the function does not utilize the expected paging mode, allowing unauthorized invocation of invalid flags, such as MEMF_populate_on_demand. This can lead to a denial of service condition, causing the host system to experience crashes triggered by the invalid flags, ultimately impacting system availability and stability.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.