CVE-2012-3494
Gentoo Linux Security Advisory 201309-24
Descriptions
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Versions less than 4.2.2-r1 are affected.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2012-06-14 CVE Reserved
- 2012-09-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (25)
| URL | Tag | Source |
|---|---|---|
| http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html | Mailing List | |
| http://osvdb.org/85197 | Vdb Entry | |
| http://secunia.com/advisories/51413 | Third Party Advisory | |
| http://secunia.com/advisories/55082 | Third Party Advisory | |
| http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability | X_refsource_misc | |
| http://www.openwall.com/lists/oss-security/2012/09/05/5 | Mailing List | |
| http://www.securityfocus.com/bid/55400 | Vdb Entry | |
| http://www.securitytracker.com/id?1027479 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=851139 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78265 | Vdb Entry | |

| URL | Date | SRC |
|---|---|---|
| http://support.citrix.com/article/CTX134708 | 2017-08-29 | |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Citrix | Xenserver | <= 6.0.2 | x64 | Affected |
| Citrix | Xenserver | <= 6.0.2 | x86 | Affected |
| Xen | Xen | 4.0.0 | x64 | Affected |
| Xen | Xen | 4.0.0 | x86 | Affected |
| Xen | Xen | 4.1.0 | x64 | Affected |
| Xen | Xen | 4.1.0 | x86 | Affected |
| Xen | Xen | 4.2.0 | x64 | Affected |
| Xen | Xen | 4.2.0 | x86 | Affected |
