Vulnerability Details : CVE-2012-5510
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
Vulnerability category: Denial of service
Products affected by CVE-2012-5510
- cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5510
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~26% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-5510
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.7 | MEDIUM | AV:L/AC:M/Au:N/C:N/I:N/A:C | 3.4 | 6.9 | NIST | |
References for CVE-2012-5510
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
  openSUSE-SU-2013:0636-1: moderate: xen: security and bugfix update
- http://www.securityfocus.com/bid/56794
  Xen Grant Table Local Denial of Service Vulnerability
- http://security.gentoo.org/glsa/glsa-201309-24.xml
  Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo security
- http://www.debian.org/security/2012/dsa-2582
  Debian -- Security Information -- DSA-2582-1 xen
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
  [security-announce] SUSE-SU-2012:1615-1: important: Security update for
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80478
  Xen grant table denial of service CVE-2012-5510 Vulnerability Report
- http://support.citrix.com/article/CTX135777
  Citrix XenServer Multiple Security Updates
- http://www.openwall.com/lists/oss-security/2012/12/03/6
  oss-security - Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
  [security-announce] SUSE-SU-2014:0446-1: important: Security update for
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
  openSUSE-SU-2013:0637-1: moderate: xen: security and bugfix update
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
  [security-announce] openSUSE-SU-2013:0133-1: important: xen to fix vario
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
  [security-announce] openSUSE-SU-2012:1685-1: important: xen to fix vario
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
  [security-announce] openSUSE-SU-2012:1687-1: important: xen to fix vario