Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3432

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2012-3432
Last Modified 10 Oct 2013 11:44:48
Published 03 Dec 2012 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3432

Summary

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.

Vulnerable Systems

Operating System

  • Xen 3.3.0

  • Xen 4.0.0

  • Xen 4.0.1

  • Xen 4.0.2

  • Xen 4.0.3

  • Xen 4.0.4

  • Xen 4.1.0

  • Xen 4.1.1

  • Xen 4.1.2

  • Xen 4.1.3

  • Xen 4.2.0


References

DEBIAN - DSA-2531

MLIST - [Xen-devel] 20120727 Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS

SUSE - openSUSE-SU-2012:1174

SUSE - openSUSE-SU-2012:1172

SUSE - SUSE-SU-2012:1044

SUSE - SUSE-SU-2012:1043

BID - 54691

MLIST - [Xen-devel] 20120727 Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS

GENTOO - GLSA-201309-24

SECUNIA - 55082

Related Patches

Novell SUSE 2012:6640 xen-201208 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:6653 xen-201208 security update for SLE 11 SP1 i586

Novell SUSE 2012:6653 xen-201208 security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 11:01:26