Xen 3.4 through 4.2, and possibly earlier versions, does not properly
synchronize the p2m and m2p tables when the set_p2m_entry function fails,
which allows local HVM guest OS administrators to cause a denial of service
(memory consumption and assertion failure), aka “Memory mapping failure DoS
vulnerability.”
Author | Note |
---|---|
kees | for full-virtualization issues, add qemu (and kvm) |
lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
osvdb.org/87307
www.openwall.com/lists/oss-security/2012/11/13/6
www.securitytracker.com/id?1027761
xforce.iss.net/xforce/xfdb/80024
launchpad.net/bugs/cve/CVE-2012-4537
nvd.nist.gov/vuln/detail/CVE-2012-4537
security-tracker.debian.org/tracker/CVE-2012-4537
www.cve.org/CVERecord?id=CVE-2012-4537