CVE-2012-3495
published 2012-11-23CVE-2012-3495: The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq…
medium6.1CVSS 3.1
AVLACLAuNCPIPAC
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | <= 6.0.2 | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| debian | xen | < xen 4.1.3-2 (bookworm) | xen 4.1.3-2 (bookworm) |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | >= 0 < 4.1.3-2 | 4.1.3-2 |
| xen | xen | >= 0 < 4.1.3-2 | 4.1.3-2 |
| xen | xen | >= 0 < 4.1.3-2 | 4.1.3-2 |
| xen | xen | >= 0 < 4.1.3-2 | 4.1.3-2 |
CVSS provenance
nvd6.1MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:C
osv6.1MEDIUM