CVE-2012-3495

Published: 23 November 2012

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

Notes

Author: mdeslaur
Note: This is XSA-13. Only affects 4.1.

Priority

Medium

Status

Package Release Status
xen
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Released (4.1.1-2ubuntu4.4)

precise Released (4.1.2-2ubuntu2.4)

quantal Not vulnerable (4.1.3-3ubuntu1)

raring Not vulnerable

upstream Released (4.1.3-2)

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
hardy Not vulnerable

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
hardy Not vulnerable

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
hardy Does not exist

lucid Not vulnerable

natty Not vulnerable

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.