Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.7
CVE Id CVE-2012-5511
Last Modified 19 Apr 2014 12:28:29
Published 13 Dec 2012 06:53:48
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5511

Summary

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.

Vulnerable Systems

Operating System

  • Xen 3.4.0

  • Xen 3.4.1

  • Xen 3.4.2

  • Xen 3.4.3

  • Xen 3.4.4

  • Xen 4.0.0

  • Xen 4.0.1

  • Xen 4.0.2

  • Xen 4.0.3

  • Xen 4.0.4

  • Xen 4.1.0


References

XF - xen-hvm-dos(80484)

BID - 56796

OSVDB - 88129

MLIST - [oss-security] 20121203 Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs

CONFIRM - http://support.citrix.com/article/CTX135777

SECUNIA - 51487

SECUNIA - 51486

SECUNIA - 51397

SUSE - SUSE-SU-2012:1615

SUSE - openSUSE-SU-2013:0133

SUSE - openSUSE-SU-2012:1687

SUSE - openSUSE-SU-2012:1685

DEBIAN - DSA-2636

SUSE - openSUSE-SU-2013:0637

SUSE - openSUSE-SU-2013:0636

GENTOO - GLSA-201309-24

SECUNIA - 55082

SUSE - SUSE-SU-2014:0446

Related Patches

Novell SUSE 2012:7133 xen security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:57:38