Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5513Improper Input Validation in XEN

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
6.9MEDIUMNVD
EPSS
0.1%
top 65.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
XENDebian XEN
Timeline
PublishedDec 13
Latest updateMay 17

Description

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

debiandebian/xen< xen 4.1.3-5 (bookworm)
Debianxen/xen< 4.1.3-5+3
NVDxen/xen4.2.0+26

🔴Vulnerability Details

3
GHSA
GHSA-g9gx-4mw5-3rg7: The XENMEM_exchange handler in Xen 42022-05-17
Project0
Pandavirtualization: Exploiting the Xen hypervisor - Project Zero2017-04-01
OSV
CVE-2012-5513: The XENMEM_exchange handler in Xen 42012-12-13

💥Exploits & PoCs

1
Exploit-DB
Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout2017-04-11

📋Vendor Advisories

2
Red Hat
kernel: xen: XENMEM_exchange may overwrite hypervisor memory2012-12-03
Debian
CVE-2012-5513: xen - The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the m...2012

💬Community

2
Bugzilla
CVE-2012-5513 kernel: xen: XENMEM_exchange may overwrite hypervisor memory [fedora-all]2012-12-03
Bugzilla
CVE-2012-5513 kernel: xen: XENMEM_exchange may overwrite hypervisor memory2012-11-16