CVE-2012-3496 — MEDIUM (4.7)

Q: How severe is CVE-2012-3496?

CVE-2012-3496 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-3496?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xenserver, Xen Xen.

Vulnerability Description

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.

CVSS Score

4.7

MEDIUM

AV:L/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Citrix	Xenserver	<= 6.0.2
Xen	Xen	4.0.0

Related Weaknesses (CWE)

CWE-16

References

FAQ

What is CVE-2012-3496?

CVE-2012-3496 is a vulnerability with a CVSS score of 4.7 (MEDIUM). XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG t...

How severe is CVE-2012-3496?

CVE-2012-3496 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-3496?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xenserver, Xen Xen.