Vulnerability Description
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.2.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
- http://secunia.com/advisories/51397 (Vendor Advisory)
- http://secunia.com/advisories/51468 (Vendor Advisory)
- http://secunia.com/advisories/51486 (Vendor Advisory)
- http://secunia.com/advisories/51487 (Vendor Advisory)
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://support.citrix.com/article/CTX135777
- http://www.debian.org/security/2012/dsa-2582
FAQ
What is CVE-2012-5514?
CVE-2012-5514 is a vulnerability with a CVSS score of 4.7 (MEDIUM). The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cau...
How severe is CVE-2012-5514?
CVE-2012-5514 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-5514?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.