Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0217 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Xenserver

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents10 sources

Severity

7.2HIGHNVD

EPSS

88.0%

top 0.52%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

XEN Citrix Xenserver Freebsd +5 more

Timeline

PublishedJun 12

Latest updateMay 4

Description

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain addres…

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages9 packages

▶NVDcitrix/xenserver6.0.2+1

▶NVDmicrosoft/windowsr2

▶NVDjoyent/smartos20120614

▶NVDnetbsd/netbsd6.0

▶NVDfreebsd/freebsd9.0

🔴Vulnerability Details

GHSA

GHSA-q644-363q-jfmm: The x86-64 kernel system-call functionality in Xen 4↗2022-05-04

▶

CVEList

CVE-2012-0217: The x86-64 kernel system-call functionality in Xen 4↗2012-06-12

▶

OSV

CVE-2012-0217: The x86-64 kernel system-call functionality in Xen 4↗2012-06-12

▶

💥Exploits & PoCs

Exploit-DB

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)↗2019-03-07

▶

Exploit-DB

FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation↗2013-10-04

▶

Exploit-DB

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)↗2012-08-27

▶

📋Vendor Advisories

Red Hat

kernel: x86-64: avoid sysret to non-canonical address↗2012-06-12

▶

BSD

FreeBSD-SA-12:04.sysret: Privilege escalation when returning from kernel↗2012-06-12

▶

Citrix

CVE-2012-0217: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris↗2012-06-12

▶

Red Hat

kernel: denial of service due to AMD Erratum #121↗2012-06-12

▶

Debian

CVE-2012-0217: xen - The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in...↗2012

▶

💬Community

Bugzilla

CVE-2012-0217 kernel: x86-64: avoid sysret to non-canonical address↗2012-04-17

▶