ID CVE-2012-5515
Summary The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.
References
Vulnerable Configurations
  • cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
CVSS
Base: 4.7 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 877397
title CVE-2012-5515 kernel: xen: Several memory hypercall operations allow invalid extent order values
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment kernel is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168002
      • comment kernel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314003
    • AND
      • comment kernel-PAE is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168022
      • comment kernel-PAE is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314021
    • AND
      • comment kernel-PAE-devel is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168020
      • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314023
    • AND
      • comment kernel-debug is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168012
      • comment kernel-debug is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314015
    • AND
      • comment kernel-debug-devel is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168010
      • comment kernel-debug-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314009
    • AND
      • comment kernel-devel is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168006
      • comment kernel-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314007
    • AND
      • comment kernel-doc is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168024
      • comment kernel-doc is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314025
    • AND
      • comment kernel-headers is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168004
      • comment kernel-headers is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314005
    • AND
      • comment kernel-kdump is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168018
      • comment kernel-kdump is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314017
    • AND
      • comment kernel-kdump-devel is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168016
      • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314019
    • AND
      • comment kernel-xen is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168008
      • comment kernel-xen is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314011
    • AND
      • comment kernel-xen-devel is earlier than 0:2.6.18-348.1.1.el5
        oval oval:com.redhat.rhsa:tst:20130168014
      • comment kernel-xen-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhba:tst:20080314013
rhsa
id RHSA-2013:0168
released 2013-01-22
severity Moderate
title RHSA-2013:0168: kernel security and bug fix update (Moderate)
rpms
  • kernel-0:2.6.18-348.1.1.el5
  • kernel-PAE-0:2.6.18-348.1.1.el5
  • kernel-PAE-devel-0:2.6.18-348.1.1.el5
  • kernel-debug-0:2.6.18-348.1.1.el5
  • kernel-debug-devel-0:2.6.18-348.1.1.el5
  • kernel-devel-0:2.6.18-348.1.1.el5
  • kernel-doc-0:2.6.18-348.1.1.el5
  • kernel-headers-0:2.6.18-348.1.1.el5
  • kernel-kdump-0:2.6.18-348.1.1.el5
  • kernel-kdump-devel-0:2.6.18-348.1.1.el5
  • kernel-xen-0:2.6.18-348.1.1.el5
  • kernel-xen-devel-0:2.6.18-348.1.1.el5
refmap via4
bid 56798
confirm http://support.citrix.com/article/CTX135777
debian DSA-2582
gentoo GLSA-201309-24
mlist
  • [Xen-announce] 20121203 Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
  • [oss-security] 20121203 Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
osvdb 88127
secunia
  • 51397
  • 51468
  • 51486
  • 51487
  • 51495
  • 55082
suse
  • SUSE-SU-2012:1606
  • SUSE-SU-2012:1615
  • SUSE-SU-2014:0446
  • SUSE-SU-2014:0470
  • openSUSE-SU-2012:1685
  • openSUSE-SU-2012:1687
  • openSUSE-SU-2013:0133
  • openSUSE-SU-2013:0636
  • openSUSE-SU-2013:0637
xf xen-extentorder-dos(80479)
Last major update 29-08-2017 - 01:32
Published 13-12-2012 - 11:53
Back to Top