CVE-2012-3495

Published: 23 November 2012

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

Notes

Author	Note
mdeslaur	This is XSA-13 only affects 4.1

Priority

Status

Package	Release	Status
xen Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Does not exist
	oneiric	Released (4.1.1-2ubuntu4.4)
	precise	Released (4.1.2-2ubuntu2.4)
	quantal	Not vulnerable (4.1.3-3ubuntu1)
	raring	Not vulnerable
	upstream	Released (4.1.3-2)
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1 Launchpad, Ubuntu, Debian	hardy	Not vulnerable
	lucid	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Needs triage
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2 Launchpad, Ubuntu, Debian	hardy	Not vulnerable
	lucid	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Needs triage
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable
	natty	Not vulnerable
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	upstream	Needs triage
	Binaries built from this source package are in Universe and so are supported by the community.

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764

CVE-2012-3495

Notes

Medium

Status

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading