CVE-2012-3433 - Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang a

CVE-2012-3433

Summary

Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.

References

Vulnerable Configurations

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 11-10-2013 - 03:44)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	54942
debian	DSA-2531
gentoo	GLSA-201309-24
mlist	[Xen-devel] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS [oss-security] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS
secunia	55082
suse	SUSE-SU-2012:1043 SUSE-SU-2012:1044 openSUSE-SU-2012:1172 openSUSE-SU-2012:1174

Last major update

11-10-2013 - 03:44

Published

24-11-2012 - 20:55

Last modified

11-10-2013 - 03:44