CVE-2012-3494

Published: Nov 23, 2012Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.

Affected (8)

Products: Citrix: Xenserver · Xen: Xen

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Up to 6.0.2
Citrix Xenserver	Up to 6.0.2
Xen Xen	Version 4.0.0
Xen Xen	Version 4.0.0
Xen Xen	Version 4.1.0
Xen Xen	Version 4.1.0
Xen Xen	Version 4.2.0
Xen Xen	Version 4.2.0

Related CWEs

References (50)

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Source: secalert@redhat.com

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html

Source: secalert@redhat.com

http://osvdb.org/85197

Source: secalert@redhat.com

http://secunia.com/advisories/50472

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/50530

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51413

Source: secalert@redhat.com

http://secunia.com/advisories/55082

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201309-24.xml

Source: secalert@redhat.com

http://support.citrix.com/article/CTX134708

Source: secalert@redhat.com

PatchVendor Advisory

http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2544

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/05/5

Source: secalert@redhat.com

http://www.securityfocus.com/bid/55400

Source: secalert@redhat.com

http://www.securitytracker.com/id?1027479

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=851139

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/78265

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201604-03

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/85197

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/50472

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/50530

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/51413

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55082

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201309-24.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.citrix.com/article/CTX134708

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2544

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/05/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/55400

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027479

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=851139

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/78265

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201604-03

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.