CVE-2012-4411 — Sensitive Information Exposure in XEN

CWE-200 — Sensitive Information Exposure CWE-284 — Improper Access Control7 documents6 sources

Severity

4.6MEDIUMNVD

OSV4.3

EPSS

0.1%

top 78.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 23

Latest updateMay 17

Description

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.1 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-2 (bookworm)

▶Debianxen/xen< 4.1.3-2+3

▶NVDxen/xen4.0.0, 4.1.0, 4.2.0+2

🔴Vulnerability Details

GHSA

GHSA-9p2j-vm53-43vm: The graphical console in Xen 4↗2022-05-17

▶

OSV

CVE-2012-4411: The graphical console in Xen 4↗2012-11-23

▶

📋Vendor Advisories

Red Hat

xen: qemu: guest administrator can access qemu monitor console↗2012-09-06

▶

Debian

CVE-2012-4411: xen - The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrato...↗2012

▶

💬Community

Bugzilla

CVE-2012-4411 xen: qemu: guest administrator can access qemu monitor console [fedora-all]↗2012-09-06

▶

Bugzilla

CVE-2012-4411 xen: qemu: guest administrator can access qemu monitor console↗2012-09-06

▶