Vulnerability Details : CVE-2012-4535

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."
Publish Date : 2012-11-21 Last Update Date : 2017-08-29

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	1.9
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of Service
CWE ID	399

- Related OVAL Definitions

Title	Definition Id	Family
DEPRECATED: ELSA-2012-1540 -- kernel security, bug fix, and enhancement update (important)	oval:org.mitre.oval:def:27435	unix
DSA-2582-1 xen - denial of service	oval:org.mitre.oval:def:20155	unix
ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update (important)	oval:org.mitre.oval:def:27375	unix
ELSA-2012:1540: kernel security, bug fix, and enhancement update (Important)	oval:org.mitre.oval:def:23068	unix
RHSA-2012:1540: kernel security, bug fix, and enhancement update (Important)	oval:org.mitre.oval:def:21233	unix
RHSA-2012:1540: kernel security, bug fix, and enhancement update (Important)	oval:com.redhat.rhsa:def:20121540	unix
SUSE-SU-2014:0470-1 -- Security update for Xen	oval:org.mitre.oval:def:25516	unix
SUSE-SU-2014:0446-1 -- Security update for Xen	oval:org.mitre.oval:def:25115	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2012-4535

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	XEN	XEN	3.4.0	*	*	*	Version Details Vulnerabilities
2	OS	XEN	XEN	3.4.1	*	*	*	Version Details Vulnerabilities
3	OS	XEN	XEN	3.4.2	*	*	*	Version Details Vulnerabilities
4	OS	XEN	XEN	3.4.3	*	*	*	Version Details Vulnerabilities
5	OS	XEN	XEN	3.4.4	*	*	*	Version Details Vulnerabilities
6	OS	XEN	XEN	4.0.0	*	*	*	Version Details Vulnerabilities
7	OS	XEN	XEN	4.0.1	*	*	*	Version Details Vulnerabilities
8	OS	XEN	XEN	4.0.2	*	*	*	Version Details Vulnerabilities
9	OS	XEN	XEN	4.0.3	*	*	*	Version Details Vulnerabilities
10	OS	XEN	XEN	4.0.4	*	*	*	Version Details Vulnerabilities
11	OS	XEN	XEN	4.1.0	*	*	*	Version Details Vulnerabilities
12	OS	XEN	XEN	4.1.1	*	*	*	Version Details Vulnerabilities
13	OS	XEN	XEN	4.1.2	*	*	*	Version Details Vulnerabilities
14	OS	XEN	XEN	4.1.3	*	*	*	Version Details Vulnerabilities
15	OS	XEN	XEN	4.2.0	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
XEN	XEN	15

- References For CVE-2012-4535

http://secunia.com/advisories/55082
SECUNIA 55082

http://security.gentoo.org/glsa/glsa-201309-24.xml
GENTOO GLSA-201309-24

http://secunia.com/advisories/51324
SECUNIA 51324

http://secunia.com/advisories/51200
SECUNIA 51200

http://secunia.com/advisories/51413
SECUNIA 51413

http://secunia.com/advisories/51352
SECUNIA 51352

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
SUSE SUSE-SU-2012:1486

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
SUSE SUSE-SU-2012:1487

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SUSE openSUSE-SU-2012:1572

http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
SUSE SUSE-SU-2012:1615

http://secunia.com/advisories/51468
SECUNIA 51468

http://rhn.redhat.com/errata/RHSA-2012-1540.html
REDHAT RHSA-2012:1540

http://osvdb.org/87298
OSVDB 87298

http://www.debian.org/security/2012/dsa-2582
DEBIAN DSA-2582

http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
MLIST [Xen-announce] 20121113 Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability

http://www.openwall.com/lists/oss-security/2012/11/13/1
MLIST [oss-security] 20121113 Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability

http://www.securitytracker.com/id?1027759
SECTRACK 1027759

http://www.securityfocus.com/bid/56498
BID 56498 Xen Multiple Denial of Service Vulnerabilities Release Date:2014-04-04

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SUSE SUSE-SU-2014:0446

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
SUSE SUSE-SU-2014:0470

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
SUSE openSUSE-SU-2012:1573

https://security.gentoo.org/glsa/201604-03
GENTOO GLSA-201604-03

https://exchange.xforce.ibmcloud.com/vulnerabilities/80022
XF xen-vcpu-dos(80022)

- Metasploit Modules Related To CVE-2012-4535

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)