Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
xenXen ProjectXSA-27
HistoryDec 03, 2012 - 5:51 p.m.

several HVM operations do not validate the range of their inputs

2012-12-0317:51:00
Xen Project
xenbits.xen.org
41

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

31.0%

JSON

ISSUE DESCRIPTION

Several HVM control operations do not check the size of their inputs and can tie up a physical CPU for extended periods of time.
In addition dirty video RAM tracking involves clearing the bitmap provided by the domain controlling the guest (e.g. dom0 or a stubdom). If the size of that bitmap is overly large, an intermediate variable on the hypervisor stack may overflow that stack.

IMPACT

A malicious guest administrator can cause Xen to become unresponsive or to crash leading in either case to a Denial of Service.

VULNERABLE SYSTEMS

All Xen versions from 3.4 onwards are vulnerable.
However Xen 4.2 and unstable are not vulnerable to the stack overflow. Systems running either of these are not vulnerable to the crash.
Version 3.4, 4.0 and 4.1 are vulnerable to both the stack overflow and the physical CPU hang.
The vulnerability is only exposed to HVM guests.

CPENameOperatorVersion
xenge3.4
xeneq3.4
xeneq4.0
xeneq4.1

Related

ubuntucve 2
prion 2
cvelist 2
cve 2
nvd 2
debiancve 2
openvas 38
nessus 17
debian 2
securityvulns 2
osv 1
fedora 15
suse 5
gentoo 1
ubuntucve
ubuntucve
CVE-2012-6333
2012-12-13 00:00:00
CVE-2012-5511
2012-12-13 00:00:00
prion
prion
Input validation
2012-12-13 11:53:00
Stack overflow
2012-12-13 11:53:00
cvelist
cvelist
CVE-2012-6333
2012-12-13 11:00:00
CVE-2012-5511
2012-12-13 11:00:00
cve
cve
CVE-2012-6333
2012-12-13 11:53:49
CVE-2012-5511
2012-12-13 11:53:48
nvd
nvd
CVE-2012-6333
2012-12-13 11:53:49
CVE-2012-5511
2012-12-13 11:53:48
debiancve
debiancve
CVE-2012-6333
2012-12-13 11:53:49
CVE-2012-5511
2012-12-13 11:53:48
openvas
openvas
Debian: Security Advisory (DSA-2636-1)
2013-03-02 00:00:00
Debian Security Advisory DSA 2636-2 (xen - several vulnerabilities)
2013-03-03 00:00:00
SuSE Update for xen openSUSE-SU-2012:1687-1 (xen)
2013-03-11 00:00:00
nessus
nessus
Fedora 16 : xen-4.1.3-6.fc16 (2012-19828)
2012-12-17 00:00:00
Debian DSA-2636-2 : xen - several vulnerabilities
2013-03-04 00:00:00
OracleVM 2.2 : xen (OVMSA-2012-0058)
2014-11-26 00:00:00
debian
debian
[SECURITY] [DSA 2636-2] xen regression update
2013-03-03 11:28:23
[SECURITY] [DSA 2636-1] xen security update
2013-03-01 19:23:57
securityvulns
securityvulns
[SECURITY] [DSA 2636-1] xen security update
2013-03-11 00:00:00
xen multiple security vulnerabilities
2013-03-11 00:00:00
osv
osv
xen - several
2013-03-03 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: xen-4.2.0-6.fc18
2012-12-12 00:16:38
[SECURITY] Fedora 16 Update: xen-4.1.3-6.fc16
2012-12-15 17:56:31
[SECURITY] Fedora 17 Update: xen-4.1.4-2.fc17
2013-01-23 01:28:58
suse
suse
xen to fix various denial of service issues (important)
2013-01-23 14:05:00
xen to fix various denial of service issues (important)
2012-12-23 20:16:24
Security update for Xen (important)
2012-12-06 17:08:57
gentoo
gentoo
Xen: Multiple vulnerabilities
2013-09-27 00:00:00

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

31.0%

JSON
Related for XSA-27
ubuntucve2prion2cvelist2cve2nvd2debiancve2openvas38nessus17debian2securityvulns2osv1fedora15suse5gentoo1