Bug 886863 - CVE-2012-6333 kernel: xen: Several HVM operations do not validate the range of their inputs (a different vulnerability than CVE-2012-5511)
Status: CLOSED DUPLICATE of bug 877365
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: medium; Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20121203,repor...
: Security
Depends On:
Blocks: 877406
Reported: 2012-12-13 07:09 EST by Jan Lieskovsky
Modified: 2015-07-31 02:56 EDT
Doc Type: Bug Fix
Last Closed: 2012-12-13 09:17:47 EST
Description Jan Lieskovsky 2012-12-13 07:09:10 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-6333 to the following vulnerability:

Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.

References:
[1]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333
[2]  http://www.openwall.com/lists/oss-security/2012/12/03/10
[3]  http://support.citrix.com/article/CTX135777
[4]  http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
[5]  http://www.securityfocus.com/bid/56796
[6]  http://www.osvdb.org/88129
[7]  http://secunia.com/advisories/51397
[8]  http://secunia.com/advisories/51486
[9]  http://secunia.com/advisories/51487
[10] http://xforce.iss.net/xforce/xfdb/80484
Comment 1 Michael Young 2012-12-13 07:25:35 EST
Is this bug actually public? CVE-2012-5511 is but I haven't seen any public references to CVE-2012-6333 yet.
Comment 2 Jan Lieskovsky 2012-12-13 07:34:08 EST
(In reply to comment #1)
> Is this bug actually public? CVE-2012-5511 is but I haven't seen any public
> references to CVE-2012-6333 yet.

Is public via: http://www.openwall.com/lists/oss-security/2012/12/03/10 (CVE-2012-6333 has been assigned by Mitre as 'an addition' to CVE-2012-5511 to the other vector not covered within CVE-2012-5511).

IOW feel free to reference it publicly.
Comment 3 Petr Matousek 2012-12-13 09:17:47 EST

*** This bug has been marked as a duplicate of bug 877365 ***
