Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2934

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2012-2934
Last Modified 05 May 2014 01:11:30
Published 03 Dec 2012 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2934

Summary

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.

Vulnerable Systems

Operating System

  • Xen 4.0.0

  • Xen 4.1.0


References

DEBIAN - DSA-2501

MISC - http://support.amd.com/us/Processor_TechDocs/25759.pdf

MLIST - [Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)

SUSE - openSUSE-SU-2012:1572

BID - 53961

MLIST - [Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)

SECUNIA - 51413

GENTOO - GLSA-201309-24

SECUNIA - 55082

SUSE - openSUSE-SU-2012:1573

Related Patches

Red Hat 2012:0721-01 RHSA Important: kernel security update for RHEL 5 x86

Red Hat 2012:0721-01 RHSA Important: kernel security update for RHEL 5 x86_64

Novell SUSE 2012:6399 xen-201206 security update for SLE 11 SP1 i586

Novell SUSE 2012:6399 xen-201206 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6400 xen-201206 recommended update for SLE 11 SP2 i586

Novell SUSE 2012:6400 xen-201206 recommended update for SLE 11 SP2 x86_64

Novell SUSE 2012:8180 xen-201206 security update for SLE 10 SP4 i586

Novell SUSE 2012:8180 xen-201206 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:03:12