Denial of Service Vulnerability in Xen and Citrix XenServer
CVE-2012-3498

Currently unrated

Key Information:

Vendor: Citrix
Status: Xenserver; Xen
Vendor: CVE Published:; 23 November 2012

Summary

The vulnerability allows local HVM guest OS kernels to exploit a weakness within the PHYSDEVOP_map_pirq component, potentially leading to a denial of service through host crashes. Furthermore, the absence of adequate range checks may enable unauthorized access to hypervisor or guest memory. This poses significant risks for systems employing Xen 4.1, 4.2 and Citrix XenServer 6.0.2 and earlier versions.

References

http://secunia.com/advisories/55082

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/50530

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/51413

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 23, 2012
Vulnerability Reserved
Jun 14, 2012