cvelistv5 - cve-2012-5510

CVE-2012-5510 (GCVE-0-2012-5510)

Vulnerability from cvelistv5

Published

2012-12-13 11:00

Modified

2024-08-06 21:05

Severity ?

CWE

Summary

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/12/03/6	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/55082	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://support.citrix.com/article/CTX135777	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201309-24.xml	vendor-advisory, x_refsource_GENTOO
	http://www.debian.org/security/2012/dsa-2582	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/51397	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/51486	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/51487	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/56794	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/51468	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.osvdb.org/88128	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80478	vdb-entry, x_refsource_XF
	http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20121203 Xen Security Advisory 26 (CVE-2012-5510) - Grant table version  switch list corruption vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/12/03/6"
          },
          {
            "name": "55082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55082"
          },
          {
            "name": "openSUSE-SU-2013:0133",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2013:0637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX135777"
          },
          {
            "name": "GLSA-201309-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
          },
          {
            "name": "DSA-2582",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2582"
          },
          {
            "name": "51397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51397"
          },
          {
            "name": "openSUSE-SU-2012:1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html"
          },
          {
            "name": "51486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51486"
          },
          {
            "name": "51487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51487"
          },
          {
            "name": "56794",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56794"
          },
          {
            "name": "51468",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51468"
          },
          {
            "name": "openSUSE-SU-2013:0636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
          },
          {
            "name": "SUSE-SU-2014:0446",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2012:1687",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html"
          },
          {
            "name": "88128",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/88128"
          },
          {
            "name": "xen-grant-table-dos(80478)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80478"
          },
          {
            "name": "SUSE-SU-2012:1615",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20121203 Xen Security Advisory 26 (CVE-2012-5510) - Grant table version  switch list corruption vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/12/03/6"
        },
        {
          "name": "55082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55082"
        },
        {
          "name": "openSUSE-SU-2013:0133",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2013:0637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX135777"
        },
        {
          "name": "GLSA-201309-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
        },
        {
          "name": "DSA-2582",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2582"
        },
        {
          "name": "51397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51397"
        },
        {
          "name": "openSUSE-SU-2012:1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html"
        },
        {
          "name": "51486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51486"
        },
        {
          "name": "51487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51487"
        },
        {
          "name": "56794",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56794"
        },
        {
          "name": "51468",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51468"
        },
        {
          "name": "openSUSE-SU-2013:0636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
        },
        {
          "name": "SUSE-SU-2014:0446",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2012:1687",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html"
        },
        {
          "name": "88128",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/88128"
        },
        {
          "name": "xen-grant-table-dos(80478)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80478"
        },
        {
          "name": "SUSE-SU-2012:1615",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5510",
    "datePublished": "2012-12-13T11:00:00.000Z",
    "dateReserved": "2012-10-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:05:47.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-704

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Citrix XenServer. Elles permettent à un attaquant de provoquer des dénis de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de Citrix XenServer.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix XenServer CTX135777 du 04 novembre 2012	None	vendor-advisory
Bulletin de sécurité Citrix XenServer CTX135777 du 04 novembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToutes les versions de Citrix XenServer.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5512"
    },
    {
      "name": "CVE-2012-5511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5511"
    },
    {
      "name": "CVE-2012-5514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5514"
    },
    {
      "name": "CVE-2012-5513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5513"
    },
    {
      "name": "CVE-2012-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5515"
    },
    {
      "name": "CVE-2012-5510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5510"
    }
  ],
  "initial_release_date": "2012-12-05T00:00:00",
  "last_revision_date": "2012-12-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix XenServer CTX135777 du 04    novembre 2012 :",
      "url": "http://support.citrix.com/article/CTX135777"
    }
  ],
  "reference": "CERTA-2012-AVI-704",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCitrix XenServer\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer des d\u00e9nis de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix XenServer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix XenServer CTX135777 du 04 novembre 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-703

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Xen. Elles permettent à un attaquant de provoquer des dénis de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de Xen.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xen XSA-32 du 03 novembre 2012	None	vendor-advisory
Bulletin de sécurité Xen XSA-28 du 03 novembre 2012	None	vendor-advisory
Bulletin de sécurité Xen XSA-29 du 03 novembre 2012	None	vendor-advisory
Bulletin de sécurité Xen XSA-30 du 03 novembre 2012	None	vendor-advisory
Bulletin de sécurité Xen XSA-26 du 03 novembre 2012	None	vendor-advisory
Bulletin de sécurité Xen XSA-27 du 03 novembre 2012	None	vendor-advisory
Bulletin de sécurité Xen XSA-31 du 03 novembre 2012	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToutes les versions de Xen.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5512"
    },
    {
      "name": "CVE-2012-5511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5511"
    },
    {
      "name": "CVE-2012-5514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5514"
    },
    {
      "name": "CVE-2012-5513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5513"
    },
    {
      "name": "CVE-2012-5525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5525"
    },
    {
      "name": "CVE-2012-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5515"
    },
    {
      "name": "CVE-2012-5510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5510"
    }
  ],
  "initial_release_date": "2012-12-05T00:00:00",
  "last_revision_date": "2012-12-05T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-703",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXen\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\ndes d\u00e9nis de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-32 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00002.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-28 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00003.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-29 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00004.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-30 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00005.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-26 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00000.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-27 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00006.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-31 du 03 novembre 2012",
      "url": "http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-5510 (GCVE-0-2012-5510)

Vulnerability from cvelistv5

CERTA-2012-AVI-704

Vulnerability from certfr_avis

Solution

CERTA-2012-AVI-703

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature