4.9

CVE-2012-4538

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version4.0.0
XenXen Version4.1.0
XenXen Version4.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.352
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
http://secunia.com/advisories/51413
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
http://secunia.com/advisories/51324
http://secunia.com/advisories/51352
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
http://secunia.com/advisories/51200
http://secunia.com/advisories/51468
http://www.debian.org/security/2012/dsa-2582
http://www.securityfocus.com/bid/56498
https://security.gentoo.org/glsa/201604-03
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Vendor Advisory
http://osvdb.org/87306
http://www.openwall.com/lists/oss-security/2012/11/13/3
http://www.securitytracker.com/id?1027762
https://exchange.xforce.ibmcloud.com/vulnerabilities/80025