Published: 13/12/2012 Updated: 13/12/2012

CVSS v2 Base Score: 4.6 | Impact Score: 6.9 | Exploitability Score: 3.1

VMScore: 409

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Xen 4.1.1 and previous versions allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

Multiple denial of service vulnerabilities have been discovered in the Xen Hypervisor One of the issue (CVE-2012-5513) could even lead to privilege escalation from guest to host Some of the recently published Xen Security Advisories (XSA 25 and 28) are not fixed by this update and should be fixed in a future release CVE-2011-3131 (XSA 5): DoS ...

CWE-399 http://www.securityfocus.com/bid/49146 http://secunia.com/advisories/45622 http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html http://www.debian.org/security/2012/dsa-2582 http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a http://secunia.com/advisories/51468 https://www.debian.org/security/./dsa-2582 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-3131

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect