CVE Reference: CVE-2012-3516

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-3516

Description:
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.

CVE Status:
Candidate

References:

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

SAID
  Secunia Advisory: SA50472
  Secunia Advisory: SA50530

MLIST
  http://www.openwall.com/lists/oss-security/2012/09/05/11

CONFIRM
  http://support.citrix.com/article/CTX134708
  http://wiki.xen.org/wiki/Security_Announcements#XSA-18_grant_table_entry_swaps_have_inadequate_bounds_checking

BID
  55411


Return to the previous page.