Vulnerability Details : CVE-2012-2934
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.
Vulnerability category: Denial of service
Products affected by CVE-2012-2934
- cpe:2.3:o:xen:xen:4.0.0:-:*:*:*:*:x64:*
- cpe:2.3:o:xen:xen:4.1.0:-:*:*:*:*:x64:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2934
- 0.16%: Probability of exploitation activity in the next 30 days
- ~34%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2934
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:N/A:P | 3.4 | 2.9 | NIST | |
References for CVE-2012-2934
- http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
  Xen project Mailing List (Patch; Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201309-24.xml
  Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo security
- http://www.debian.org/security/2012/dsa-2501
  Debian -- Security Information -- DSA-2501-1 xen
- http://support.amd.com/us/Processor_TechDocs/25759.pdf
  AMD Drivers and Support for Radeon, Radeon Pro, FirePro, APU, CPU, Ryzen, desktops, laptops
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
  [security-announce] openSUSE-SU-2012:1572-1: important: XEN: security an
- http://www.securityfocus.com/bid/53961
  Xen 64-bit PV Guests Local Denial of Service Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
  [security-announce] openSUSE-SU-2012:1573-1: important: XEN: security an