CVE-2012-4535 — Infinite Loop in XEN

CWE-3997 documents6 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 71.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 21

Latest updateMay 17

Description

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-4 (bookworm)

▶Debianxen/xen< 4.1.3-4+3

▶NVDxen/xen15 versions+14

🔴Vulnerability Details

GHSA

GHSA-cjmp-9gj7-24m6: Xen 3↗2022-05-17

▶

OSV

CVE-2012-4535: Xen 3↗2012-11-21

▶

📋Vendor Advisories

Red Hat

kernel: xen: VCPU timer overflow leads to PCPU deadlock and host death-by-watchdog↗2012-11-13

▶

Debian

CVE-2012-4535: xen - Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS admini...↗2012

▶

💬Community

Bugzilla

CVE-2012-4535 kernel: xen: VCPU timer overflow leads to PCPU deadlock and host death-by-watchdog [fedora-all]↗2012-11-13

▶

Bugzilla

CVE-2012-4535 kernel: xen: VCPU timer overflow leads to PCPU deadlock and host death-by-watchdog↗2012-10-25

▶