Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2012-3494

Published: Nov 23, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
5.5 MODERATE
AV:A/AC:L/Au:S/C:N/I:N/A:C
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-3494
CWEhttps://cwe.mitre.org/data/definitions/264.html

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.

Affected Software

Name Vendor Start Version End Version
Xenserver Citrix * 6.0.2 (including)
Xen Xen 4.0.0 (including) 4.0.0 (including)
Xen Xen 4.1.0 (including) 4.1.0 (including)
Xen Xen 4.2.0 (including) 4.2.0 (including)
Xen Ubuntu oneiric *
Xen Ubuntu precise *
Xen Ubuntu upstream *
Xen-3.1 Ubuntu hardy *
Xen-3.2 Ubuntu hardy *
Xen-3.3 Ubuntu lucid *
Xen-3.3 Ubuntu natty *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use