CVE-2012-2934 — XEN vulnerability

6 documents6 sources

Severity

1.9LOWNVD

OSV7.2

EPSS

0.2%

top 62.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 3

Latest updateMay 17

Description

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 (bookworm)

▶Debianxen/xen< 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1+3

▶NVDxen/xen4.0.0, 4.1.0+1

Patches

Patch: lists.xen.org ↗Patch: lists.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-48m3-5gf3-cq84: Xen 4↗2022-05-17

▶

OSV

CVE-2012-2934: Xen 4↗2012-12-03

▶

📋Vendor Advisories

Red Hat

kernel: denial of service due to AMD Erratum #121↗2012-06-12

▶

Debian

CVE-2012-2934: xen - Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not p...↗2012

▶

💬Community

Bugzilla

CVE-2012-2934 kernel: denial of service due to AMD Erratum #121↗2012-05-24

▶