Vulnerability Name:

CVE-2012-2934 (CCN-76226)

Assigned:2012-06-12
Published:2012-06-12
Updated:2014-05-05
Summary:Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P)
1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C)
3.4 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-2934

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1572

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1573

Source: CCN
Type: XSA-9
Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)

Source: MLIST
Type: Patch, Vendor Advisory
[Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)

Source: CCN
Type: RHSA-2012-0721
Important: kernel security update

Source: CCN
Type: SA49381
Xen Privilege Escalation and Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
51413

Source: SECUNIA
Type: UNKNOWN
55082

Source: GENTOO
Type: UNKNOWN
GLSA-201309-24

Source: MISC
Type: UNKNOWN
http://support.amd.com/us/Processor_TechDocs/25759.pdf

Source: DEBIAN
Type: UNKNOWN
DSA-2501

Source: DEBIAN
Type: DSA-2501
xen -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 82933
Xen Non-Canonical Boundary Sequential Execution Local DoS

Source: BID
Type: UNKNOWN
53961

Source: CCN
Type: BID-53961
Xen 64-bit PV Guests Local Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
xen-system-calls-dos(76226)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:xen:xen:4.0.0:-:*:*:*:*:x64:*
  • OR cpe:/o:xen:xen:4.1.0:-:*:*:*:*:x64:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:xensource:xen:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:3.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20122934
    V
    		CVE-2012-2934
    2022-05-20
    oval:org.opensuse.security:def:33024
    P
    		Security update for util-linux (Moderate)
    2021-10-19
    oval:org.opensuse.security:def:33725
    P
    		Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:33701
    P
    		Security update for java-1_8_0-openjdk (Important)
    2021-08-20
    oval:org.opensuse.security:def:33662
    P
    		Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:32934
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:32933
    P
    		Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:34447
    P
    		Security update for dhcp (Important)
    2021-06-01
    oval:org.opensuse.security:def:29363
    P
    		Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:34407
    P
    		Security update for xorg-x11-server (Important)
    2021-04-13
    oval:org.opensuse.security:def:33769
    P
    		Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:28935
    P
    		Security update for wpa_supplicant (Important)
    2021-02-15
    oval:org.opensuse.security:def:28924
    P
    		Security update for openvswitch (Important)
    2021-02-03
    oval:org.opensuse.security:def:28923
    P
    		Security update for MozillaFirefox (Important)
    2021-01-29
    oval:org.opensuse.security:def:32945
    P
    		Security update for mutt (Moderate)
    2021-01-22
    oval:org.opensuse.security:def:29570
    P
    		Security update for SuSEfirewall2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33254
    P
    		sendmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29658
    P
    		Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:33399
    P
    		Security update for python-pycrypto (Important)
    2020-12-01
    oval:org.opensuse.security:def:29135
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29720
    P
    		Security update for Mozilla Firefox
    2020-12-01
    oval:org.opensuse.security:def:33613
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:29278
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:30395
    P
    		Security update for Xen
    2020-12-01
    oval:org.opensuse.security:def:29516
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33159
    P
    		liblzo2-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29619
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:33311
    P
    		libopenssl1-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29004
    P
    		Security update for conntrack-tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29676
    P
    		Security update for dnsmasq
    2020-12-01
    oval:org.opensuse.security:def:33556
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29221
    P
    		Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:30358
    P
    		Security update for wget
    2020-12-01
    oval:org.mitre.oval:def:27635
    P
    		ELSA-2012-0721-1 -- kernel security update (important)
    2015-03-16
    oval:org.mitre.oval:def:18625
    P
    		DSA-2501-1 xen - several
    2014-06-23
    oval:org.mitre.oval:def:22895
    P
    		ELSA-2012:0721: kernel security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21347
    P
    		RHSA-2012:0721: kernel security update (Important)
    2014-02-24
    oval:com.ubuntu.precise:def:20122934000
    V
    		CVE-2012-2934 on Ubuntu 12.04 LTS (precise) - low.
    2012-12-03
    oval:com.redhat.rhsa:def:20120721
    P
    		RHSA-2012:0721: kernel security update (Important)
    2012-06-12
    BACK
    xen xen 4.0.0 -
    xen xen 4.1.0 -
    xensource xen 4.0
    xensource xen 4.1
    xensource xen 3.4
    redhat enterprise linux 5
    redhat enterprise linux 5