Published: 03/12/2012 Updated: 11/10/2013

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 4.0.0
xen xen 4.1.0
xen xen 3.4.0

Several vulnerabilities were discovered in Xen, a hypervisor CVE-2012-0217 Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges AMD processors, HVM and i386 guests are not affected CVE-2012-0218 Xen does not properly handle SYSCALL and SYSENTER instructi ...

NVD-CWE-Other http://www.debian.org/security/2012/dsa-2501 http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml https://nvd.nist.gov https://www.debian.org/security/./dsa-2501

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-0218

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect