CVE-2012-3495

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3495 at MITRE

Description

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

NVD CVSS v2 Base Score: 6.1 (AV:L/AC:L/Au:N/C:P/I:P/A:C)

SUSE information

SUSE Bugzilla entry: 777088

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • vm-install >= 0.5.12-0.5.1
  • xen >= 4.1.3_02-0.5.1
  • xen-doc-html >= 4.1.3_02-0.5.1
  • xen-doc-pdf >= 4.1.3_02-0.5.1
  • xen-kmp-default >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-kmp-trace >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-libs >= 4.1.3_02-0.5.1
  • xen-libs-32bit >= 4.1.3_02-0.5.1
  • xen-tools >= 4.1.3_02-0.5.1
  • xen-tools-domU >= 4.1.3_02-0.5.1
Patchnames:
sledsp2-xen-201209
SUSE Linux Enterprise Server 11 SP2
  • vm-install >= 0.5.12-0.5.1
  • xen >= 4.1.3_02-0.5.1
  • xen-doc-html >= 4.1.3_02-0.5.1
  • xen-doc-pdf >= 4.1.3_02-0.5.1
  • xen-kmp-default >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-kmp-trace >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-libs >= 4.1.3_02-0.5.1
  • xen-libs-32bit >= 4.1.3_02-0.5.1
  • xen-tools >= 4.1.3_02-0.5.1
  • xen-tools-domU >= 4.1.3_02-0.5.1
Patchnames:
slessp2-xen-201209
SUSE Linux Enterprise Server for VMWare 11 SP2
  • xen-kmp-trace >= 4.1.3_02_3.0.38_0.5-0.5.1
Patchnames:
slessp2-xen-201209
SUSE Linux Enterprise Software Development Kit 11 SP2
  • xen-devel >= 4.1.3_02-0.5.1
Patchnames:
sdksp2-xen-201209
SUSE Linux Enterprise Software Development Kit 11 SP2
  • xen-devel >= 4.1.3_02-0.5.1
sle11-sp2-sdk.x86
sles11-sp2-vmware.x86-64
sles11-sp2.x86
sled11-sp2.x86
sle11-sp2-sdk.x86-64
sles11-sp2.x86-64
sles11-sp2-vmware.x86
sled11-sp2.x86-64
SAT Patch Nr: 6748
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • vm-install >= 0.5.12-0.5.3
  • xen-kmp-default >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-kmp-trace >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-libs >= 4.1.3_02-0.5.1
  • xen-tools-domU >= 4.1.3_02-0.5.1
sle11-sp2-sdk.x86
sles11-sp2-vmware.x86-64
sles11-sp2.x86
sled11-sp2.x86
sle11-sp2-sdk.x86-64
sles11-sp2.x86-64
sles11-sp2-vmware.x86
sled11-sp2.x86-64
SAT Patch Nr: 6748
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • vm-install >= 0.5.12-0.5.1
  • xen >= 4.1.3_02-0.5.1
  • xen-doc-html >= 4.1.3_02-0.5.1
  • xen-doc-pdf >= 4.1.3_02-0.5.1
  • xen-kmp-default >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-kmp-trace >= 4.1.3_02_3.0.38_0.5-0.5.1
  • xen-libs >= 4.1.3_02-0.5.1
  • xen-libs-32bit >= 4.1.3_02-0.5.1
  • xen-tools >= 4.1.3_02-0.5.1
  • xen-tools-domU >= 4.1.3_02-0.5.1
sle11-sp2-sdk.x86
sles11-sp2-vmware.x86-64
sles11-sp2.x86
sled11-sp2.x86
sle11-sp2-sdk.x86-64
sles11-sp2.x86-64
sles11-sp2-vmware.x86
sled11-sp2.x86-64
SAT Patch Nr: 6748
SUSE Linux Enterprise Server 11 SP2 for VMware
  • xen-kmp-trace >= 4.1.3_02_3.0.38_0.5-0.5.1
sle11-sp2-sdk.x86
sles11-sp2-vmware.x86-64
sles11-sp2.x86
sled11-sp2.x86
sle11-sp2-sdk.x86-64
sles11-sp2.x86-64
sles11-sp2-vmware.x86
sled11-sp2.x86-64
SAT Patch Nr: 6748
SUSE Linux Enterprise Server 10 SP2 for x86
  • xen >= 3.2.0_16718_26-0.10.1
  • xen-devel >= 3.2.0_16718_26-0.10.1
  • xen-doc-html >= 3.2.0_16718_26-0.10.1
  • xen-doc-pdf >= 3.2.0_16718_26-0.10.1
  • xen-doc-ps >= 3.2.0_16718_26-0.10.1
  • xen-kmp-bigsmp >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-debug >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-default >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-kdump >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-smp >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-libs >= 3.2.0_16718_26-0.10.1
  • xen-tools >= 3.2.0_16718_26-0.10.1
  • xen-tools-domU >= 3.2.0_16718_26-0.10.1
  • xen-tools-ioemu >= 3.2.0_16718_26-0.10.1
sles10-sp2-debuginfo.x86
sles10-sp2-ltss.x86
sles10-sp2-debuginfo.x86-64
sles10-sp2-ltss.x86-64
ZYPP Patch Nr: 8260
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
  • xen >= 3.2.0_16718_26-0.10.1
  • xen-devel >= 3.2.0_16718_26-0.10.1
  • xen-doc-html >= 3.2.0_16718_26-0.10.1
  • xen-doc-pdf >= 3.2.0_16718_26-0.10.1
  • xen-doc-ps >= 3.2.0_16718_26-0.10.1
  • xen-kmp-debug >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-default >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-kdump >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-kmp-smp >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  • xen-libs >= 3.2.0_16718_26-0.10.1
  • xen-libs-32bit >= 3.2.0_16718_26-0.10.1
  • xen-tools >= 3.2.0_16718_26-0.10.1
  • xen-tools-domU >= 3.2.0_16718_26-0.10.1
  • xen-tools-ioemu >= 3.2.0_16718_26-0.10.1
sles10-sp2-debuginfo.x86
sles10-sp2-ltss.x86
sles10-sp2-debuginfo.x86-64
sles10-sp2-ltss.x86-64
ZYPP Patch Nr: 8260