CVE-2012-5513

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-5513 at MITRE

Description

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 789951

SUSE Security Advisories:

SUSE-SU-2012:1606-1, published Tue, 4 Dec 2012 22:08:52 +0100 (CET)
SUSE-SU-2012:1615-1, published Thu, 6 Dec 2012 17:08:57 +0100 (CET)
openSUSE-SU-2012:1685-1, published Sun, 23 Dec 2012 20:08:36 +0100 (CET)
openSUSE-SU-2012:1687-1, published Sun, 23 Dec 2012 20:16:24 +0100 (CET)
openSUSE-SU-2013:0133-1, published Wed, 23 Jan 2013 14:05:00 +0100 (CET)
openSUSE-SU-2013:0636-1, published Mon, 8 Apr 2013 12:04:30 +0200 (CEST)
openSUSE-SU-2013:0637-1, published Mon, 8 Apr 2013 12:07:10 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 10 SP4 for x86	`xen >= 3.2.3_17040_44-0.7.1` `xen-devel >= 3.2.3_17040_44-0.7.1` `xen-doc-html >= 3.2.3_17040_44-0.7.1` `xen-doc-pdf >= 3.2.3_17040_44-0.7.1` `xen-doc-ps >= 3.2.3_17040_44-0.7.1` `xen-kmp-bigsmp >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-default >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-smp >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-libs >= 3.2.3_17040_44-0.7.1` `xen-tools >= 3.2.3_17040_44-0.7.1` `xen-tools-domU >= 3.2.3_17040_44-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`xen >= 3.2.3_17040_44-0.7.1` `xen-devel >= 3.2.3_17040_44-0.7.1` `xen-doc-html >= 3.2.3_17040_44-0.7.1` `xen-doc-pdf >= 3.2.3_17040_44-0.7.1` `xen-doc-ps >= 3.2.3_17040_44-0.7.1` `xen-kmp-default >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-smp >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-libs >= 3.2.3_17040_44-0.7.1` `xen-libs-32bit >= 3.2.3_17040_44-0.7.1` `xen-tools >= 3.2.3_17040_44-0.7.1` `xen-tools-domU >= 3.2.3_17040_44-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SUSE Linux Enterprise 10 SP4 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP4 DEBUGINFO for x86	`xen-debuginfo >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SLE SDK 10 SP4 for x86	`xen >= 3.2.3_17040_44-0.7.1` `xen-devel >= 3.2.3_17040_44-0.7.1` `xen-kmp-debug >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-kdump >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-libs >= 3.2.3_17040_44-0.7.1` `xen-tools >= 3.2.3_17040_44-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SLE SDK 10 SP4 for X86-64	`xen >= 3.2.3_17040_44-0.7.1` `xen-devel >= 3.2.3_17040_44-0.7.1` `xen-kmp-debug >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-kdump >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-libs >= 3.2.3_17040_44-0.7.1` `xen-libs-32bit >= 3.2.3_17040_44-0.7.1` `xen-tools >= 3.2.3_17040_44-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SUSE Linux Enterprise Server 10 SP4 for x86	`xen >= 3.2.3_17040_44-0.7.1` `xen-devel >= 3.2.3_17040_44-0.7.1` `xen-doc-html >= 3.2.3_17040_44-0.7.1` `xen-doc-pdf >= 3.2.3_17040_44-0.7.1` `xen-doc-ps >= 3.2.3_17040_44-0.7.1` `xen-kmp-bigsmp >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-debug >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-default >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-kdump >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-kdumppae >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-smp >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-vmi >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-vmipae >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-libs >= 3.2.3_17040_44-0.7.1` `xen-tools >= 3.2.3_17040_44-0.7.1` `xen-tools-domU >= 3.2.3_17040_44-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T	`xen >= 3.2.3_17040_44-0.7.1` `xen-devel >= 3.2.3_17040_44-0.7.1` `xen-doc-html >= 3.2.3_17040_44-0.7.1` `xen-doc-pdf >= 3.2.3_17040_44-0.7.1` `xen-doc-ps >= 3.2.3_17040_44-0.7.1` `xen-kmp-debug >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-default >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-kdump >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-kmp-smp >= 3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1` `xen-libs >= 3.2.3_17040_44-0.7.1` `xen-libs-32bit >= 3.2.3_17040_44-0.7.1` `xen-tools >= 3.2.3_17040_44-0.7.1` `xen-tools-domU >= 3.2.3_17040_44-0.7.1` `xen-tools-ioemu >= 3.2.3_17040_44-0.7.1`	sles10-sp4.x86-64 sles10-sp4.x86 sles10-sp4-debuginfo.x86 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sles10-sp4-debuginfo.x86-64 sled10-sp4.x86-64 sled10-sp4.x86 ZYPP Patch Nr: 8379
SLE 11 SP2 DEBUGINFO	`xen-debuginfo >= 4.1.4_02-0.5.1` `xen-debugsource >= 4.1.4_02-0.5.1`	Builds SAT Patch Nr: 7492
SUSE Linux Enterprise Software Development Kit 11 SP2	`xen-devel >= 4.1.4_02-0.5.1`	Builds SAT Patch Nr: 7492
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`xen-kmp-default >= 4.1.4_02_3.0.58_0.6.6-0.5.1` `xen-kmp-pae >= 4.1.4_02_3.0.58_0.6.6-0.5.1` `xen-kmp-trace >= 4.1.4_02_3.0.58_0.6.6-0.5.1` `xen-libs >= 4.1.4_02-0.5.1` `xen-tools-domU >= 4.1.4_02-0.5.1`	Builds SAT Patch Nr: 7492
SUSE Linux Enterprise Server 11 SP2 for VMware	`xen-kmp-trace >= 4.1.4_02_3.0.58_0.6.6-0.5.1`	Builds SAT Patch Nr: 7492
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`xen >= 4.1.4_02-0.5.1` `xen-doc-html >= 4.1.4_02-0.5.1` `xen-doc-pdf >= 4.1.4_02-0.5.1` `xen-kmp-default >= 4.1.4_02_3.0.58_0.6.6-0.5.1` `xen-kmp-trace >= 4.1.4_02_3.0.58_0.6.6-0.5.1` `xen-libs >= 4.1.4_02-0.5.1` `xen-libs-32bit >= 4.1.4_02-0.5.1` `xen-tools >= 4.1.4_02-0.5.1` `xen-tools-domU >= 4.1.4_02-0.5.1`	Builds SAT Patch Nr: 7492
SLE 11 SP2 DEBUGINFO	`xen-debuginfo >= 4.1.3_06-0.7.1` `xen-debugsource >= 4.1.3_06-0.7.1`	sles11-sp2.x86-64 sle11-sp2-sdk.x86-64 sles11-sp2-vmware.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 7133
SUSE Linux Enterprise Software Development Kit 11 SP2	`xen-devel >= 4.1.3_06-0.7.1`	sles11-sp2.x86-64 sle11-sp2-sdk.x86-64 sles11-sp2-vmware.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 7133
SUSE Linux Enterprise Server 11 SP2 for VMware	`xen-kmp-trace >= 4.1.3_06_3.0.51_0.7.9-0.7.1`	sles11-sp2.x86-64 sle11-sp2-sdk.x86-64 sles11-sp2-vmware.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 7133
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`xen >= 4.1.3_06-0.7.1` `xen-doc-html >= 4.1.3_06-0.7.1` `xen-doc-pdf >= 4.1.3_06-0.7.1` `xen-kmp-default >= 4.1.3_06_3.0.51_0.7.9-0.7.1` `xen-kmp-trace >= 4.1.3_06_3.0.51_0.7.9-0.7.1` `xen-libs >= 4.1.3_06-0.7.1` `xen-libs-32bit >= 4.1.3_06-0.7.1` `xen-tools >= 4.1.3_06-0.7.1` `xen-tools-domU >= 4.1.3_06-0.7.1`	sles11-sp2.x86-64 sle11-sp2-sdk.x86-64 sles11-sp2-vmware.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 7133

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy