Lucene search

[email protected]CVE-2012-3433

HistoryNov 24, 2012 - 8:55 p.m.

CVE-2012-3433

2012-11-2420:55:02

CWE-399

[email protected]

web.nvd.nist.gov

xen

4.0

4.1

denial of service

vulnerability

nvd

cve-2012-3433

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

3.5 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.

Affected configurations

NVD

Node

xenxenMatch4.0.0

xenxenMatch4.1.0

CPENameOperatorVersion
xen:xenxeneq4.0.0
xen:xenxeneq4.1.0

CPE	Name	Operator	Version
xen:xen	xen	eq	4.0.0
xen:xen	xen	eq	4.1.0

References

lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html

lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html

lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

www.debian.org/security/2012/dsa-2531

www.openwall.com/lists/oss-security/2012/08/09/3

www.securityfocus.com/bid/54942

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

3.5 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

Related for CVE-2012-3433

ubuntucve1 nvd1 nessus12 debiancve1 prion1 cvelist1 openvas53 securityvulns2 osv1 debian1 suse4 fedora22 gentoo1