CVE-2012-5510

NameCVE-2012-5510
DescriptionXen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2582-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)jessie4.4.1-9+deb8u10fixed
jessie (security)4.4.4lts5-0+deb8u1fixed
stretch4.8.5+shim4.10.2+xsa282-1+deb9u11fixed
stretch (security)4.8.5.final+shim4.10.4-1+deb9u12fixed
buster4.11.1+92-g6c33308a8d-2fixed
buster (security)4.11.3+24-g14b62ab3e5-1~deb10u1fixed
bullseye, sid4.11.3+24-g14b62ab3e5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.1.3-5
xensourcesqueeze4.0.1-5.5DSA-2582-1

Search for package or bug name: Reporting problems