CVE-2012-3516

Published: 23 November 2012

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.

Priority

Medium

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needed

Patches:
Upstream: http://xenbits.xen.org/hg/xen-unstable.hg/rev/93e5a791d076
xen-3.1
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xen-3.2
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xen-3.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Notes

AuthorNote
seth-arnold
Hypercall was added in 4.2
Warning: for raring, version '4.2.0-1ubuntu2' is in -proposed
is this version vulnerable or patched?
mdeslaur
introduced by http://xenbits.xen.org/hg/xen-unstable.hg/rev/d115844ebfbb
fixed by http://xenbits.xen.org/hg/xen-unstable.hg/rev/93e5a791d076

References