CVE-2012-3433 — XEN vulnerability

CWE-3996 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 77.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 24

Latest updateMay 17

Description

Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-1 (bookworm)

▶Debianxen/xen< 4.1.3-1+3

▶NVDxen/xen4.0.0, 4.1.0+1

🔴Vulnerability Details

GHSA

GHSA-4r2q-mgcp-7w6w: Xen 4↗2022-05-17

▶

OSV

CVE-2012-3433: Xen 4↗2012-11-24

▶

📋Vendor Advisories

Red Hat

kernel: xen: HVM guest destroy p2m teardown host DoS vulnerability↗2012-08-09

▶

Debian

CVE-2012-3433: xen - Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (...↗2012

▶

💬Community

Bugzilla

CVE-2012-3433 kernel: xen: HVM guest destroy p2m teardown host DoS vulnerability↗2012-07-26

▶