CVE-2012-2934

kernel: denial of service due to AMD Erratum #121

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.

Xen v4.0 y v4.1, cuando se ejecuta un cliente PV de 64-bit en CPUs AMD "antiguas", no protege adecuadamente contra un determiando fallo del procesador AMD, lo que permite a usuarios de sistemas operativos huesped provocar una denegación de servicio (caída del host) a través de la ejecución secuencial de las instrucciones. Se trata de una vulnerabilidad diferente a CVE-2012-0217a.

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Adjacent

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-05-24 CVE Reserved
2012-06-12 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
http://secunia.com/advisories/51413	Third Party Advisory
http://secunia.com/advisories/55082	Third Party Advisory
http://support.amd.com/us/Processor_TechDocs/25759.pdf	X_refsource_misc
http://www.securityfocus.com/bid/53961	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html	2014-05-05

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html	2014-05-05
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html	2014-05-05
http://security.gentoo.org/glsa/glsa-201309-24.xml	2014-05-05
http://www.debian.org/security/2012/dsa-2501	2014-05-05
https://access.redhat.com/security/cve/CVE-2012-2934	2012-06-12
https://bugzilla.redhat.com/show_bug.cgi?id=824966	2012-06-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.0.0 Search vendor "Xen" for product "Xen" and version "4.0.0"		x64		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.0 Search vendor "Xen" for product "Xen" and version "4.1.0"		x64		Affected