CVE-2012-0218

low
Description

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

References

http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://www.debian.org/security/2012/dsa-2501

Details

Source: MITRE

Published: 2012-12-03

Updated: 2013-10-11

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79478 | OracleVM 2.2 : xen (OVMSA-2012-0022) | Nessus | OracleVM Local Security Checks | high |
| 79477 | OracleVM 3.1 : xen (OVMSA-2012-0021) | Nessus | OracleVM Local Security Checks | high |
| 74683 | openSUSE Security Update : xen (openSUSE-2012-404) | Nessus | SuSE Local Security Checks | high |
| 74682 | openSUSE Security Update : xen (openSUSE-SU-2012:0886-1) | Nessus | SuSE Local Security Checks | high |
| 70184 | GLSA-201309-24 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 64233 | SuSE 11.1 Security Update : Xen (SAT Patch Number 6399) | Nessus | SuSE Local Security Checks | high |
| 59779 | Debian DSA-2501-1 : xen - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 59469 | SuSE 10 Security Update : Xen (ZYPP Patch Number 8180) | Nessus | SuSE Local Security Checks | high |