CVE-2012-4535

LOW

Description

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html

http://osvdb.org/87298

http://rhn.redhat.com/errata/RHSA-2012-1540.html

http://secunia.com/advisories/51200

http://secunia.com/advisories/51324

http://secunia.com/advisories/51352

http://secunia.com/advisories/51413

http://secunia.com/advisories/51468

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://www.debian.org/security/2012/dsa-2582

http://www.openwall.com/lists/oss-security/2012/11/13/1

http://www.securityfocus.com/bid/56498

http://www.securitytracker.com/id?1027759

https://exchange.xforce.ibmcloud.com/vulnerabilities/80022

https://security.gentoo.org/glsa/201604-03

Details

Source: MITRE

Published: 2012-11-21

Updated: 2017-08-29

Type: CWE-399

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 90380 | GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | critical |
| 84140 | OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) | Nessus | OracleVM Local Security Checks | low |
| 83617 | SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0470-1) | Nessus | SuSE Local Security Checks | medium |
| 83616 | SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) | Nessus | SuSE Local Security Checks | high |
| 83564 | SUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1487-1) | Nessus | SuSE Local Security Checks | medium |
| 79489 | OracleVM 3.1 : xen (OVMSA-2012-0051) | Nessus | OracleVM Local Security Checks | medium |
| 79488 | OracleVM 3.0 : xen (OVMSA-2012-0050) | Nessus | OracleVM Local Security Checks | medium |
| 79487 | OracleVM 2.2 : xen (OVMSA-2012-0049) | Nessus | OracleVM Local Security Checks | low |
| 74852 | openSUSE Security Update : xen (openSUSE-SU-2012:1685-1) | Nessus | SuSE Local Security Checks | medium |
| 74850 | openSUSE Security Update : xen (openSUSE-SU-2012:1687-1) | Nessus | SuSE Local Security Checks | medium |
| 74821 | openSUSE Security Update : XEN (openSUSE-SU-2012:1573-1) | Nessus | SuSE Local Security Checks | high |
| 74820 | openSUSE Security Update : XEN (openSUSE-SU-2012:1572-1) | Nessus | SuSE Local Security Checks | high |
| 70184 | GLSA-201309-24 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68663 | Oracle Linux 5 : kernel (ELSA-2012-1540) | Nessus | Oracle Linux Local Security Checks | medium |
| 68662 | Oracle Linux 5 : kernel (ELSA-2012-1540-1) | Nessus | Oracle Linux Local Security Checks | medium |
| 64238 | SuSE 11.2 Security Update : Xen (SAT Patch Number 7018) | Nessus | SuSE Local Security Checks | medium |
| 64232 | SuSE 11.2 Security Update : Xen (SAT Patch Number 7133) | Nessus | SuSE Local Security Checks | medium |
| 64201 | SuSE 11.2 Security Update : libvirt (SAT Patch Number 7015) | Nessus | SuSE Local Security Checks | medium |
| 63188 | Debian DSA-2582-1 : xen - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 63183 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121204) | Nessus | Scientific Linux Local Security Checks | medium |
| 63171 | CentOS 5 : kernel (CESA-2012:1540) | Nessus | CentOS Local Security Checks | medium |
| 63152 | RHEL 5 : kernel (RHSA-2012:1540) | Nessus | Red Hat Local Security Checks | medium |
| 63032 | Fedora 18 : xen-4.2.0-4.fc18 (2012-18146) | Nessus | Fedora Local Security Checks | medium |
| 63010 | Fedora 16 : xen-4.1.3-4.fc16 (2012-18249) | Nessus | Fedora Local Security Checks | medium |
| 63009 | Fedora 17 : xen-4.1.3-6.fc17 (2012-18242) | Nessus | Fedora Local Security Checks | medium |
| 62963 | SuSE 10 Security Update : Xen (ZYPP Patch Number 8359) | Nessus | SuSE Local Security Checks | medium |