Red Hat Bugzilla – Bug 851202
CVE-2012-3516 kernel: xen: grant table entry swaps have inadequate bounds checking
Last modified: 2015-08-24 12:05:26 EDT
The grant table hypercall's GNTTABOP_swap_grant_ref sub-operation does not perform adequate checks on the input grant references.
A malicious guest kernel or administrator can crash the host.
It may be possible for an attacker to swap a valid grant reference, which they control, with an invalid one allowing them to write abitrary values to hypervisor memory. This could potentially lead to a
Red Hat would like to thank the Xen project for reporting this issue.
This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.
Now public via:
Created xen tracking bugs for this issue
Affects: fedora-all [bug 854595]