ID CVE-2012-2934
Summary Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.
References
Vulnerable Configurations
  • cpe:2.3:o:xen:xen:4.0.0:-:*:*:*:*:x64:*
    cpe:2.3:o:xen:xen:4.0.0:-:*:*:*:*:x64:*
  • cpe:2.3:o:xen:xen:4.1.0:-:*:*:*:*:x64:*
    cpe:2.3:o:xen:xen:4.1.0:-:*:*:*:*:x64:*
CVSS
Base: 1.9 (as of 05-05-2014 - 05:11)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 824966
title CVE-2012-2934 kernel: denial of service due to AMD Erratum #121
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment kernel is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721002
      • comment kernel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314003
    • AND
      • comment kernel-PAE is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721020
      • comment kernel-PAE is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314021
    • AND
      • comment kernel-PAE-devel is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721022
      • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314023
    • AND
      • comment kernel-debug is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721008
      • comment kernel-debug is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314015
    • AND
      • comment kernel-debug-devel is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721012
      • comment kernel-debug-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314009
    • AND
      • comment kernel-devel is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721010
      • comment kernel-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314007
    • AND
      • comment kernel-doc is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721024
      • comment kernel-doc is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314025
    • AND
      • comment kernel-headers is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721004
      • comment kernel-headers is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314005
    • AND
      • comment kernel-kdump is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721016
      • comment kernel-kdump is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314017
    • AND
      • comment kernel-kdump-devel is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721018
      • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314019
    • AND
      • comment kernel-xen is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721014
      • comment kernel-xen is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314011
    • AND
      • comment kernel-xen-devel is earlier than 0:2.6.18-308.8.2.el5
        oval oval:com.redhat.rhsa:tst:20120721006
      • comment kernel-xen-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314013
rhsa
id RHSA-2012:0721
released 2012-06-12
severity Important
title RHSA-2012:0721: kernel security update (Important)
rpms
  • kernel-0:2.6.18-308.8.2.el5
  • kernel-PAE-0:2.6.18-308.8.2.el5
  • kernel-PAE-devel-0:2.6.18-308.8.2.el5
  • kernel-debug-0:2.6.18-308.8.2.el5
  • kernel-debug-devel-0:2.6.18-308.8.2.el5
  • kernel-devel-0:2.6.18-308.8.2.el5
  • kernel-doc-0:2.6.18-308.8.2.el5
  • kernel-headers-0:2.6.18-308.8.2.el5
  • kernel-kdump-0:2.6.18-308.8.2.el5
  • kernel-kdump-devel-0:2.6.18-308.8.2.el5
  • kernel-xen-0:2.6.18-308.8.2.el5
  • kernel-xen-devel-0:2.6.18-308.8.2.el5
refmap via4
bid 53961
debian DSA-2501
gentoo GLSA-201309-24
misc http://support.amd.com/us/Processor_TechDocs/25759.pdf
mlist [Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
secunia
  • 51413
  • 55082
suse
  • openSUSE-SU-2012:1572
  • openSUSE-SU-2012:1573
Last major update 05-05-2014 - 05:11
Published 03-12-2012 - 21:55
Back to Top