CVE-2012-5510

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.2
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
quantal
Fixed 4.1.3-3ubuntu1.1
released
precise
Fixed 4.1.2-2ubuntu2.3
released
oneiric
Fixed 4.1.1-2ubuntu4.3
released
lucid
dne
hardy
dne
xen-3.3
quantal
dne
precise
dne
oneiric
dne
lucid
not-affected
hardy
dne
References
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
http://secunia.com/advisories/51397
http://secunia.com/advisories/51468
http://secunia.com/advisories/51486
http://secunia.com/advisories/51487
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://support.citrix.com/article/CTX135777
http://www.debian.org/security/2012/dsa-2582
http://www.openwall.com/lists/oss-security/2012/12/03/6
http://www.osvdb.org/88128
http://www.securityfocus.com/bid/56794
https://exchange.xforce.ibmcloud.com/vulnerabilities/80478
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
http://secunia.com/advisories/51397
http://secunia.com/advisories/51468
http://secunia.com/advisories/51486
http://secunia.com/advisories/51487
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://support.citrix.com/article/CTX135777
http://www.debian.org/security/2012/dsa-2582
http://www.openwall.com/lists/oss-security/2012/12/03/6
http://www.osvdb.org/88128
http://www.securityfocus.com/bid/56794
https://exchange.xforce.ibmcloud.com/vulnerabilities/80478