Bug 877404 (CVE-2012-5525) - CVE-2012-5525 kernel: xen: several hypercalls do not validate input GFNs
Summary: CVE-2012-5525 kernel: xen: several hypercalls do not validate input GFNs
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-5525
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 883094
Blocks: 877406
TreeView+ depends on / blocked
 
Reported: 2012-11-16 12:39 UTC by Petr Matousek
Modified: 2023-05-11 20:54 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-24 14:03:31 UTC
Embargoed:


Attachments (Terms of Use)

Description Petr Matousek 2012-11-16 12:39:45 UTC
The function get_page_from_gfn does not validate its input GFN. An
invalid GFN passed to a hypercall which uses this function will cause
the hypervisor to read off the end of the frame table and potentially
crash.
                                                                                                                                                                                                                                                                                                                          
A malicious PV guest administrator can cause Xen to crash.
If the out of bounds access does not lead to a crash, a carefully
crafted privilege escalation cannot be excluded, even though the guest
doesn't itself control the values written.
 
Acknowledgements:

Red Hat would like to thank the Xen project for reporting this issue.

Comment 3 Petr Matousek 2012-11-16 12:43:10 UTC
Statement:

Not vulnerable.

This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.

This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.

Comment 4 Petr Matousek 2012-12-03 18:26:45 UTC
Created xen tracking bugs for this issue

Affects: fedora-all [bug 883094]

Comment 5 Fedora Update System 2012-12-12 00:16:33 UTC
xen-4.2.0-6.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.