CVE-2012-4538

Publication date 24 November 2012

Last updated 24 July 2024

Ubuntu priority

Description

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xen	12.10 quantal	Fixed 4.1.3-3ubuntu1.1
	12.04 LTS precise	Fixed 4.1.2-2ubuntu2.3
	11.10 oneiric	Fixed 4.1.1-2ubuntu4.3
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
xen-3.1	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not affected
xen-3.2	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not affected
xen-3.3	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release

Notes

seth-arnold

significant mitigating factors, may not be an issue for all sites

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xen	Upstream: http://lists.xen.org/archives/html/xen-announce/2012-11/binA2nERyoTh7.bin