Red Hat Bugzilla – Bug 877391
CVE-2012-5513 kernel: xen: XENMEM_exchange may overwrite hypervisor memory
Last modified: 2015-02-16 10:43:54 EST
The handler for XENMEM_exchange accesses guest memory without range checking
the guest provided addresses, thus allowing these accesses to include the
hypervisor reserved range.
A malicious PV guest administrator can cause Xen to crash. If the out of address
space bounds access does not lead to a crash, a carefully crafted privilege
escalation cannot be excluded, even though the guest doesn't itself control
the values written.
Red Hat would like to thank the Xen project for reporting this issue.
This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.
Created xen tracking bugs for this issue
Affects: fedora-all [bug 883088]
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:1540 https://rhn.redhat.com/errata/RHSA-2012-1540.html
xen-4.2.0-6.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.1.3-7.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.1.3-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.