CVE-2012-0217

NameCVE-2012-0217
DescriptionThe x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2501-1, DSA-2508-1
NVD severityhigh (attack range: local)
Debian Bugs677297, 677298, 677299
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kfreebsd-10 (PTS)jessie, sid10.1~svn274115-3fixed
kfreebsd-8 (PTS)squeeze8.1+dfsg-8+squeeze4fixed
squeeze (security)8.1+dfsg-8+squeeze3fixed
wheezy8.3-6+deb7u1fixed
kfreebsd-9 (PTS)wheezy9.0-10+deb70.7fixed
wheezy (security)9.0-10+deb70.9fixed
xen (PTS)squeeze (security), squeeze4.0.1-5.11fixed
wheezy4.1.4-3+deb7u3fixed
wheezy (security)4.1.4-3+deb7u5fixed
jessie, sid4.4.1-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kfreebsd-10source(unstable)10.0~svn237137-1high677299
kfreebsd-8source(unstable)8.3-4high677297
kfreebsd-8sourcesqueeze8.1+dfsg-8+squeeze3highDSA-2508-1
kfreebsd-9source(unstable)9.0-4high677298
xensource(unstable)4.1.3~rc1+hg-20120614.a9c0a89c08f2-1high
xensourcesqueeze4.0.1-5.2highDSA-2501-1

Notes

apparently this code is included in freebsd, xen, as well as
microsoft windows, which is also a part of this id assignment (and a
bit strangely the only os currently called out in the mitre description).
also affected the linux kernel, and was fixed 6 years earlier as CVE-2006-0744.

Search for package or bug name: Reporting problems