Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0218

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2012-0218
Last Modified 10 Oct 2013 11:40:30
Published 03 Dec 2012 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0218

Summary

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

Vulnerable Systems

Operating System

  • Xen 3.4.0

  • Xen 4.0.0

  • Xen 4.1.0


References

DEBIAN - DSA-2501

MLIST - [Xen-announce] 20120612 Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS

GENTOO - GLSA-201309-24

SECUNIA - 55082

Related Patches

Novell SUSE 2012:6399 xen-201206 security update for SLE 11 SP1 i586

Novell SUSE 2012:6399 xen-201206 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6400 xen-201206 recommended update for SLE 11 SP2 i586

Novell SUSE 2012:6400 xen-201206 recommended update for SLE 11 SP2 x86_64

Novell SUSE 2012:8180 xen-201206 security update for SLE 10 SP4 i586

Novell SUSE 2012:8180 xen-201206 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:25