Vulnerability Description
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.0.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
- http://secunia.com/advisories/51397Vendor Advisory
- http://secunia.com/advisories/51468Vendor Advisory
- http://secunia.com/advisories/51486Vendor Advisory
- http://secunia.com/advisories/51487Vendor Advisory
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://support.citrix.com/article/CTX135777
- http://www.debian.org/security/2012/dsa-2582
FAQ
What is CVE-2012-5510?
CVE-2012-5510 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial o...
How severe is CVE-2012-5510?
CVE-2012-5510 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5510?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.