GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
openSUSE 13.1 openSUSE 13.2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 11 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12