CVE-2012-3495

Published: Nov 23, 2012Modified: Apr 29, 2026

6.1

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:C

Exploitability: 3.9 / Impact: 8.5

Source: NVD

Description

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

Affected (11)

Products: Citrix: Xenserver · Xen: Xen

1 product

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Up to 6.0.2
Citrix Xenserver	Version 5.0
Citrix Xenserver	Version 5.5
Citrix Xenserver	Version 5.6
Citrix Xenserver	Version 5.6 fp1
Citrix Xenserver	Version 5.6 sp2
Citrix Xenserver	Version 6.0
Xen Xen	Version 4.1.0
Xen Xen	Version 4.1.1
Xen Xen	Version 4.1.2
Xen Xen	Version 4.1.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (32)

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Source: secalert@redhat.com

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html

Source: secalert@redhat.com

http://secunia.com/advisories/51413

Source: secalert@redhat.com

http://secunia.com/advisories/55082

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201309-24.xml

Source: secalert@redhat.com

http://support.citrix.com/article/CTX134708

Source: secalert@redhat.com

http://wiki.xen.org/wiki/Security_Announcements#XSA-13_hypercall_physdev_get_free_pirq_vulnerability

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/05/6

Source: secalert@redhat.com

http://www.securityfocus.com/bid/55406

Source: secalert@redhat.com

http://www.securitytracker.com/id?1027480

Source: secalert@redhat.com

http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201604-03

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51413

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55082

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201309-24.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.citrix.com/article/CTX134708

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.xen.org/wiki/Security_Announcements#XSA-13_hypercall_physdev_get_free_pirq_vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/05/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/55406

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027480

Source: af854a3a-2127-422b-91ae-364da2661108

http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201604-03

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.