CVE-2012-5634 — XEN vulnerability

CWE-167 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 41.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 14

Latest updateMay 17

Description

Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-8 (bookworm)

▶Debianxen/xen< 4.1.3-8+3

▶NVDxen/xen8 versions+7

🔴Vulnerability Details

GHSA

GHSA-wmqh-ggr8-mwm7: Xen 4↗2022-05-17

▶

OSV

CVE-2012-5634: Xen 4↗2013-02-14

▶

📋Vendor Advisories

Red Hat

kernel: xen: VT-d interrupt remapping source validation flaw↗2013-01-08

▶

Debian

CVE-2012-5634: xen - Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not p...↗2012

▶

💬Community

Bugzilla

CVE-2012-5634 kernel: xen: VT-d interrupt remapping source validation flaw [fedora-all]↗2013-01-09

▶

Bugzilla

CVE-2012-5634 kernel: xen: VT-d interrupt remapping source validation flaw↗2012-12-13

▶