Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-5515

Disclosure Date: December 13, 2012
CVE-2012-5515
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • xen

Products

  • xen,
  • xen 3.0.2,
  • xen 3.0.3,
  • xen 3.0.4,
  • xen 3.1.3,
  • xen 3.1.4,
  • xen 3.2.0,
  • xen 3.2.1,
  • xen 3.2.2,
  • xen 3.2.3,
  • xen 3.3.0,
  • xen 3.3.1,
  • xen 3.3.2,
  • xen 3.4.0,
  • xen 3.4.1,
  • xen 3.4.2,
  • xen 3.4.3,
  • xen 3.4.4,
  • xen 4.0.0,
  • xen 4.0.1,
  • xen 4.0.2,
  • xen 4.0.3,
  • xen 4.0.4,
  • xen 4.1.0,
  • xen 4.1.1,
  • xen 4.1.2,
  • xen 4.1.3

References

Canonical
CVE-2012-5515 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515)
BID-56798 (http://www.securityfocus.com/bid/56798)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
XF-xen-extentorder-dos(80479) (https://exchange.xforce.ibmcloud.com/vulnerabilities/80479)
SECUNIA-55082 (http://secunia.com/advisories/55082)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
http://support.citrix.com/article/CTX135777
GLSA-201309-24 (http://security.gentoo.org/glsa/glsa-201309-24.xml)
DSA-2582 (http://www.debian.org/security/2012/dsa-2582)
SECUNIA-51397 (http://secunia.com/advisories/51397)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
SECUNIA-51486 (http://secunia.com/advisories/51486)
SECUNIA-51487 (http://secunia.com/advisories/51487)
[Xen-announce] 20121203 Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values (http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html)
OSVDB-88127 (http://www.osvdb.org/88127)
SECUNIA-51468 (http://secunia.com/advisories/51468)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
[oss-security] 20121203 Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values (http://www.openwall.com/lists/oss-security/2012/12/03/9)
SECUNIA-51495 (http://secunia.com/advisories/51495)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00000.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis