CVE-2012-5510 — XEN vulnerability

7 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 74.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 13

Latest updateMay 17

Description

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-5 (bookworm)

▶Debianxen/xen< 4.1.3-5+3

▶NVDxen/xen10 versions+9

🔴Vulnerability Details

GHSA

GHSA-9vf6-5gq4-g9w2: Xen 4↗2022-05-17

▶

OSV

CVE-2012-5510: Xen 4↗2012-12-13

▶

📋Vendor Advisories

Red Hat

kernel: xen: Grant table version switch list corruption vulnerability↗2012-12-03

▶

Debian

CVE-2012-5510: xen - Xen 4.x, when downgrading the grant table version, does not properly remove the ...↗2012

▶

💬Community

Bugzilla

CVE-2012-5510 kernel: xen: Grant table version switch list corruption vulnerability [fedora-all]↗2012-12-03

▶

Bugzilla

CVE-2012-5510 kernel: xen: Grant table version switch list corruption vulnerability↗2012-11-16

▶