CVE-2012-3432

NameCVE-2012-3432
DescriptionThe handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2531-1
NVD severitylow (attack range: local)
Debian Bugs683279

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)wheezy4.1.4-3+deb7u9fixed
wheezy (security)4.1.6.1-1+deb7u1fixed
jessie4.4.1-9+deb8u4fixed
jessie (security)4.4.1-9+deb8u5fixed
stretch, sid4.6.0-1+nmu2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.1.3-1low683279
xensourcesqueeze4.0.1-5.3lowDSA-2531-1

Search for package or bug name: Reporting problems