CVE-2012-3495
Last modified
CVE-2012-3495 is a vulnerability of currently unknown severity. The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Xenserver | <= 6.0.2 |
| Citrix | Xenserver | 5.0 |
| Citrix | Xenserver | 5.5 |
| Citrix | Xenserver | 5.6 |
| Citrix | Xenserver | 6.0 |
| Xen | Xen | 4.1.0 |
| Xen | Xen | 4.1.1 |
| Xen | Xen | 4.1.2 |
| Xen | Xen | 4.1.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-3495?
How severe is CVE-2012-3495?
How do I fix CVE-2012-3495?
Are you affected by CVE-2012-3495?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST