CVE-2012-3432

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2012/dsa-2531
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html	Exploit Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html
http://www.securityfocus.com/bid/54691
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:xen:xen:3.3.0:::::::*
	cpe:2.3:o:xen:xen:4.1.1:::::::*
	cpe:2.3:o:xen:xen:4.0.2:::::::*
	cpe:2.3:o:xen:xen:4.0.1:::::::*
	cpe:2.3:o:xen:xen:4.1.3:::::::*
	cpe:2.3:o:xen:xen:4.1.2:::::::*
	cpe:2.3:o:xen:xen:4.1.0:::::::*
	cpe:2.3:o:xen:xen:4.2.0:::::::*
	cpe:2.3:o:xen:xen:4.0.0:::::::*
	cpe:2.3:o:xen:xen:4.0.4:::::::*
	cpe:2.3:o:xen:xen:4.0.3:::::::*

Information

Published : 2012-12-03 13:55

Updated : 2013-10-10 20:44

NVD link : CVE-2012-3432

Mitre link : CVE-2012-3432

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

xen

xen

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2012/dsa-2531", "name": "DSA-2531", "tags": [], "refsource": "DEBIAN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html", "name": "openSUSE-SU-2012:1172", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html", "name": "[Xen-devel] 20120727 Xen Security Advisory 10 (CVE-2012-3432) - HVM user\tmode MMIO emul DoS", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html", "name": "openSUSE-SU-2012:1174", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html", "name": "SUSE-SU-2012:1044", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html", "name": "SUSE-SU-2012:1043", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/54691", "name": "54691", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/55082", "name": "55082", "tags": [], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", "name": "GLSA-201309-24", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-3432", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-12-03T21:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-10-11T03:44Z"}