CVE-2012-0218 — XEN vulnerability

6 documents6 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 79.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 3

Latest updateMay 4

Description

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 (bookworm)

▶Debianxen/xen< 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1+3

▶NVDxen/xen3.4.0, 4.0.0, 4.1.0+2

Patches

Patch: lists.xen.org ↗Patch: lists.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-j3pq-42jm-m8p4: Xen 3↗2022-05-04

▶

OSV

CVE-2012-0218: Xen 3↗2012-12-03

▶

📋Vendor Advisories

Red Hat

kernel: xen: guest denial of service on syscall/sysenter exception generation↗2012-06-12

▶

Debian

CVE-2012-0218: xen - Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a sysc...↗2012

▶

💬Community

Bugzilla

CVE-2012-0218 kernel: xen: guest denial of service on syscall/sysenter exception generation↗2012-04-18

▶