CVE-2012-3432
The MITRE CVE dictionary describes this issue as:
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.
Find out more about CVE-2012-3432 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Not vulnerable.
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6,
and Red Hat Enterprise MRG are not affected.
The versions of the kernel-xen packages as shipped with Red Hat Enterprise Linux 5 are not affected as they implement a different MMIO emulation mechanism.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4.4 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:S/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel-xen | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Acknowledgements
Red Hat would like to thank the Xen for reporting this issue.CVE description copyright © 2017, The MITRE Corporation