CVE-2012-3432 — XEN vulnerability

CWE-2646 documents6 sources

Severity

1.9LOWNVD

EPSS

1.4%

top 19.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 3

Latest updateMay 17

Description

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-1 (bookworm)

▶Debianxen/xen< 4.1.3-1+3

▶NVDxen/xen11 versions+10

🔴Vulnerability Details

GHSA

GHSA-rx77-gcq6-838g: The handle_mmio function in arch/x86/hvm/io↗2022-05-17

▶

OSV

CVE-2012-3432: The handle_mmio function in arch/x86/hvm/io↗2012-12-03

▶

📋Vendor Advisories

Red Hat

kernel: xen: HVM guest user mode MMIO emulation DoS↗2012-07-26

▶

Debian

CVE-2012-3432: xen - The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator fo...↗2012

▶

💬Community

Bugzilla

CVE-2012-3432 kernel: xen: HVM guest user mode MMIO emulation DoS↗2012-07-26

▶