CVE-2012-4537 — Reachable Assertion in XEN

CWE-167 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 71.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 21

Latest updateMay 17

Description

Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-4 (bookworm)

▶Debianxen/xen< 4.1.3-4+3

▶NVDxen/xen15 versions+14

🔴Vulnerability Details

GHSA

GHSA-m3g8-h8w3-8hqm: Xen 3↗2022-05-17

▶

OSV

CVE-2012-4537: Xen 3↗2012-11-21

▶

📋Vendor Advisories

Red Hat

kernel: xen: Memory mapping failure can crash Xen↗2012-11-13

▶

Debian

CVE-2012-4537: xen - Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchroniz...↗2012

▶

💬Community

Bugzilla

CVE-2012-4537 kernel: xen: Memory mapping failure can crash Xen [fedora-all]↗2012-11-13

▶

Bugzilla

CVE-2012-4537 kernel: xen: Memory mapping failure can crash Xen↗2012-10-25

▶