CVE-2012-6333 — XEN vulnerability

CWE-3998 documents6 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 78.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 13

Latest updateMay 17

Description

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.3-8 (bookworm)

▶Debianxen/xen< 4.1.3-8+3

▶NVDxen/xen12 versions+11

🔴Vulnerability Details

GHSA

GHSA-32g2-hc9h-69wc: Multiple HVM control operations in Xen 3↗2022-05-17

▶

OSV

CVE-2012-6333: Multiple HVM control operations in Xen 3↗2012-12-13

▶

📋Vendor Advisories

Red Hat

kernel: xen: several HVM operations do not validate the range of their inputs↗2012-12-03

▶

Debian

CVE-2012-6333: xen - Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS ...↗2012

▶

💬Community

Bugzilla

CVE-2012-6333 kernel: xen: Several HVM operations do not validate the range of their inputs (a different vulnerability than CVE-2012-5511)↗2012-12-13

▶

Bugzilla

CVE-2012-5511 CVE-2012-6333 kernel: xen: several HVM operations do not validate the range of their inputs [fedora-all]↗2012-12-03

▶

Bugzilla

CVE-2012-5511 CVE-2012-6333 kernel: xen: several HVM operations do not validate the range of their inputs↗2012-11-16

▶