ID CVE-2012-3433
Summary Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.
References
Vulnerable Configurations
  • cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 11-10-2013 - 03:44)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 54942
debian DSA-2531
gentoo GLSA-201309-24
mlist
  • [Xen-devel] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS
  • [oss-security] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS
secunia 55082
suse
  • SUSE-SU-2012:1043
  • SUSE-SU-2012:1044
  • openSUSE-SU-2012:1172
  • openSUSE-SU-2012:1174
Last major update 11-10-2013 - 03:44
Published 24-11-2012 - 20:55
Back to Top