The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
Advisories
Source ID Title
EUVD EUVD EUVD-2012-3451 The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T20:05:12.705Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3495

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2012-11-23T20:55:03.150

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3495

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-09-05T00:00:00Z

Links: CVE-2012-3495 - Bugzilla

cve-icon OpenCVE Enrichment

No data.