Bug 886863 - CVE-2012-6333 kernel: xen: Several HVM operations do not validate the range of their inputs (a different vulnerability than CVE-2012-5511)
Keywords:
Status: CLOSED DUPLICATE of bug 877365
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 877406
Reported: 2012-12-13 12:09 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:58 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-13 14:17:47 UTC
Embargoed:



Description Jan Lieskovsky 2012-12-13 12:09:10 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-6333 to the following vulnerability:

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.

References:
[1]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333
[2]  http://www.openwall.com/lists/oss-security/2012/12/03/10
[3]  http://support.citrix.com/article/CTX135777
[4]  http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
[5]  http://www.securityfocus.com/bid/56796
[6]  http://www.osvdb.org/88129
[7]  http://secunia.com/advisories/51397
[8]  http://secunia.com/advisories/51486
[9]  http://secunia.com/advisories/51487
[10] http://xforce.iss.net/xforce/xfdb/80484

Comment 1 Michael Young 2012-12-13 12:25:35 UTC
Is this bug actually public? CVE-2012-5511 is but I haven't seen any public references to CVE-2012-6333 yet.

Comment 2 Jan Lieskovsky 2012-12-13 12:34:08 UTC
(In reply to comment #1)
> Is this bug actually public? CVE-2012-5511 is but I haven't seen any public
> references to CVE-2012-6333 yet.

It is public via: http://www.openwall.com/lists/oss-security/2012/12/03/10 (CVE-2012-6333 has been assigned by Mitre as 'an addition' to CVE-2012-5511, for the other vector not covered within CVE-2012-5511).

IOW feel free to reference it publicly.

Comment 3 Petr Matousek 2012-12-13 14:17:47 UTC

*** This bug has been marked as a duplicate of bug 877365 ***

