Red Hat Bugzilla – Bug 877404
CVE-2012-5525 kernel: xen: several hypercalls do not validate input GFNs
Last modified: 2013-08-24 10:03:31 EDT
The function get_page_from_gfn does not validate its input GFN. An
invalid GFN passed to a hypercall which uses this function will cause
the hypervisor to read off the end of the frame table and potentially
A malicious PV guest administrator can cause Xen to crash.
If the out of bounds access does not lead to a crash, a carefully
crafted privilege escalation cannot be excluded, even though the guest
doesn't itself control the values written.
Red Hat would like to thank the Xen project for reporting this issue.
This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.
Created xen tracking bugs for this issue
Affects: fedora-all [bug 883094]
xen-4.2.0-6.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.