CVE-2012-3495

Severity Score

6.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

La hypercall physdev_get_free_pirq en arch/x86/physdev.c en Xen v4.1.x y Citrix XenServer v6.0.2 y anteriores utiliza el valor devuelto por la función get_free_pirq como un índice de la matriz sin comprobar que el valor de retorno indica un error, permitiendo a los huéspedes del OS invitado causar una denegación de servicio (escritura de memoria no válidas y caída del host) y, posiblemente, obtener privilegios a través de vectores no especificados.

*Credits: N/A

CVSS Scores

NISTv2 6.1

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-06-14 CVE Reserved
2012-11-23 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (16)

URL	Tag	Source
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html	Mailing List
http://secunia.com/advisories/51413	Third Party Advisory
http://secunia.com/advisories/55082	Third Party Advisory
http://support.citrix.com/article/CTX134708	X_refsource_confirm
http://wiki.xen.org/wiki/Security_Announcements#XSA-13_hypercall_physdev_get_free_pirq_vulnerability	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2012/09/05/6	Mailing List
http://www.securityfocus.com/bid/55406	Vdb Entry
http://www.securitytracker.com/id?1027480	Vdb Entry
http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html	2017-07-01
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html	2017-07-01
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html	2017-07-01
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html	2017-07-01
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html	2017-07-01
http://security.gentoo.org/glsa/glsa-201309-24.xml	2017-07-01
https://security.gentoo.org/glsa/201604-03	2017-07-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				<= 6.0.2 Search vendor "Citrix" for product "Xenserver" and version " <= 6.0.2"		-		Affected
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				5.0 Search vendor "Citrix" for product "Xenserver" and version "5.0"		-		Affected
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				5.5 Search vendor "Citrix" for product "Xenserver" and version "5.5"		-		Affected
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				5.6 Search vendor "Citrix" for product "Xenserver" and version "5.6"		-		Affected
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				5.6 Search vendor "Citrix" for product "Xenserver" and version "5.6"		fp1		Affected
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				5.6 Search vendor "Citrix" for product "Xenserver" and version "5.6"		sp2		Affected
Citrix Search vendor "Citrix"		Xenserver Search vendor "Citrix" for product "Xenserver"				6.0 Search vendor "Citrix" for product "Xenserver" and version "6.0"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.0 Search vendor "Xen" for product "Xen" and version "4.1.0"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.1 Search vendor "Xen" for product "Xen" and version "4.1.1"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.2 Search vendor "Xen" for product "Xen" and version "4.1.2"		-		Affected
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				4.1.3 Search vendor "Xen" for product "Xen" and version "4.1.3"		-		Affected