Back to search
CVE-2012-3495
Published: Nov 23, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
55082
third-party-advisory
x_refsource_SECUNIA
http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593
x_refsource_CONFIRM
[Xen-announce] 20120905 Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability
mailing-list
x_refsource_MLIST
51413
third-party-advisory
x_refsource_SECUNIA
GLSA-201309-24
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2012:1572
vendor-advisory
x_refsource_SUSE
55406
vdb-entry
x_refsource_BID
1027480
vdb-entry
x_refsource_SECTRACK
GLSA-201604-03
vendor-advisory
x_refsource_GENTOO
SUSE-SU-2012:1132
vendor-advisory
x_refsource_SUSE
http://support.citrix.com/article/CTX134708
x_refsource_CONFIRM
[oss-security] 20120905 Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability
mailing-list
x_refsource_MLIST
SUSE-SU-2012:1133
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2012:1573
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2012:1172
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now