1. CVE-Search
  2. CVE-2012-3496
ID CVE-2012-3496
Summary XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:xenserver:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.6:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.6:common_criteria:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.6:common_criteria:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.6:fp1:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.6:fp1:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:5.6:sp2:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:5.6:sp2:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
CVSS
Base: 4.7 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid 55412
confirm
debian DSA-2544
gentoo
  • GLSA-201309-24
  • GLSA-201604-03
misc https://bugzilla.redhat.com/show_bug.cgi?id=854590
mlist
  • [Xen-announce] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
  • [oss-security] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
osvdb 85200
sectrack 1027481
secunia
  • 50472
  • 50530
  • 51413
  • 55082
suse
  • SUSE-SU-2012:1132
  • SUSE-SU-2012:1133
  • SUSE-SU-2012:1162
  • openSUSE-SU-2012:1172
  • openSUSE-SU-2012:1174
  • openSUSE-SU-2012:1572
  • openSUSE-SU-2012:1573
xf xen-xenmempopulatephysmap-dos(78267)
Last major update 29-08-2017 - 01:31
Published 23-11-2012 - 20:55
Last modified 29-08-2017 - 01:31
Back to Top