CVE-2012-5510medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
References
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
http://secunia.com/advisories/51397
http://secunia.com/advisories/51468
http://secunia.com/advisories/51486
http://secunia.com/advisories/51487
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://support.citrix.com/article/CTX135777
http://www.debian.org/security/2012/dsa-2582
http://www.openwall.com/lists/oss-security/2012/12/03/6
Details
Source: MITRE
Published: 2012-12-13
Updated: 2017-08-29
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 4.7
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.4
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 84140 | OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) | Nessus | OracleVM Local Security Checks | low |
| 83616 | SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) | Nessus | SuSE Local Security Checks | high |
| 79491 | OracleVM 3.1 : xen (OVMSA-2012-0057) | Nessus | OracleVM Local Security Checks | medium |
| 79490 | OracleVM 3.0 : xen (OVMSA-2012-0056) | Nessus | OracleVM Local Security Checks | medium |
| 74967 | openSUSE Security Update : xen (openSUSE-SU-2013:0637-1) | Nessus | SuSE Local Security Checks | high |
| 74966 | openSUSE Security Update : xen (openSUSE-SU-2013:0636-1) | Nessus | SuSE Local Security Checks | high |
| 74852 | openSUSE Security Update : xen (openSUSE-SU-2012:1685-1) | Nessus | SuSE Local Security Checks | medium |
| 74850 | openSUSE Security Update : xen (openSUSE-SU-2012:1687-1) | Nessus | SuSE Local Security Checks | medium |
| 70184 | GLSA-201309-24 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 65797 | SuSE 11.2 Security Update : Xen (SAT Patch Number 7492) | Nessus | SuSE Local Security Checks | high |
| 64232 | SuSE 11.2 Security Update : Xen (SAT Patch Number 7133) | Nessus | SuSE Local Security Checks | medium |
| 63275 | Fedora 16 : xen-4.1.3-6.fc16 (2012-19828) | Nessus | Fedora Local Security Checks | medium |
| 63252 | Fedora 17 : xen-4.1.3-7.fc17 (2012-19717) | Nessus | Fedora Local Security Checks | medium |
| 63239 | Fedora 18 : xen-4.2.0-6.fc18 (2012-19652) | Nessus | Fedora Local Security Checks | medium |
| 63188 | Debian DSA-2582-1 : xen - several vulnerabilities | Nessus | Debian Local Security Checks | medium |